使用 Azure Active Directory 连接服务诊断错误Diagnosing errors with the Azure Active Directory Connected Service

检测以前的身份验证代码时,Azure Active Directory 连接服务器检测到不兼容的身份验证类型。While detecting previous authentication code, the Azure Active Director connect server detected an incompatible authentication type.

若要正确检测某个项目中以前的身份验证代码,必须生成该项目。To correctly detect previous authentication code in a project, the project must be built. 如果看到此错误,并且项目中不存在以前的身份验证代码,请重新生成项目并重试。If you see this error and you don't have a previous authentication code in your project, rebuild and try again.

项目类型Project types

连接服务会检查你正在开发的项目类型,以便可以将正确的身份验证逻辑注入到项目。The connected service checks the type of project you’re developing so it can inject the right authentication logic into the project. 如果项目中有控制器派生自 ApiController,则该项目会被视为 WebAPI 项目。If there's any controller that derives from ApiController in the project, the project is considered a WebAPI project. 如果项目中的控制器均派生自 MVC.Controller,则项目会被视为 MVC 项目。If there are only controllers that derive from MVC.Controller in the project, the project is considered an MVC project. 连接服务不支持任何其他项目类型。The connected service doesn't support any other project type.

兼容的身份验证代码Compatible authentication code

连接服务还会检查是否存在以前配置的身份验证设置或与该服务兼容的身份验证设置。The connected service also checks for authentication settings that have been previously configured or are compatible with the service. 如果所有设置都存在,则会将其视为可重入情况,连接服务将打开并显示这些设置。If all settings are present, it's considered a re-entrant case, and the connected service opens display the settings. 如果只存在某些设置,则会将其视为错误情况。If only some of the settings are present, it's considered an error case.

在 MVC 项目中,连接服务会检查是否存在以下任何设置(这些设置是以前使用该服务生成的):In an MVC project, the connected service checks for any of the following settings, which result from previous use of the service:

<add key="ida:ClientId" value="" />
<add key="ida:Tenant" value="" />
<add key="ida:AADInstance" value="" />
<add key="ida:PostLogoutRedirectUri" value="" />

此外,连接服务还会在 Web API 项目中检查是否存在以下任何设置(这些设置是以前使用该服务时生成的):Also, the connected service checks for any of the following settings in a Web API project, which result from previous use of the service:

<add key="ida:ClientId" value="" />
<add key="ida:Tenant" value="" />
<add key="ida:Audience" value="" />

不兼容的身份验证代码Incompatible authentication code

最后,连接服务会尝试检测使用以前版本的 Visual Studio 配置的身份验证代码版本。Finally, the connected service attempts to detect versions of authentication code that have been configured with previous versions of Visual Studio. 如果已收到此错误,它表示项目包含不兼容的身份验证类型。If you received this error, it means your project contains an incompatible authentication type. 连接服务将通过以前版本的 Visual Studio 检测以下身份验证类型:The connected service detects the following types of authentication from previous versions of Visual Studio:

  • Windows 身份验证Windows Authentication
  • 单个用户帐户Individual User Accounts
  • 组织帐户Organizational Accounts

为了检测 MVC 项目中的 Windows 身份验证,连接服务将在 web.config 文件中查找 authentication 元素。To detect Windows Authentication in an MVC project, the connected looks for the authentication element in your web.config file.

<configuration>
    <system.web>
        <authentication mode="Windows" />
    </system.web>
</configuration>

为了检测 Web API 项目中的 Windows 身份验证,连接服务将在项目的 .csproj 文件中查找 IISExpressWindowsAuthentication 元素:To detect Windows Authentication in a Web API project, the connected service looks for the IISExpressWindowsAuthentication element in your project's .csproj file:

<Project>
    <PropertyGroup>
        <IISExpressWindowsAuthentication>enabled</IISExpressWindowsAuthentication>
    </PropertyGroup>
</Project>

为了检测单个用户帐户身份验证,连接服务将在 packages.config 文件中查找 package 元素。To detect Individual User Accounts authentication, the connected service looks for the package element in your packages.config file.

<packages>
    <package id="Microsoft.AspNet.Identity.EntityFramework" version="2.1.0" targetFramework="net45" />
</packages>

为了检测旧式组织帐户身份验证,连接服务将在 web.config 文件中查找以下元素:To detect an old form of Organizational Account authentication, the connected service looks for the following element inweb.config:

<configuration>
    <appSettings>
        <add key="ida:Realm" value="***" />
    </appSettings>
</configuration>

若要更改身份验证类型,请删除不兼容的身份验证类型,并尝试重新添加连接服务。To change the authentication type, remove the incompatible authentication type and try adding the connected service again.

有关详细信息,请参阅 Azure AD 的身份验证方案For more information, see Authentication Scenarios for Azure AD.