【问题标题】:Azure B2C: Unable to retrieve document from v2.0 .well-known openid-configurationAzure B2C:无法从 v2.0 .well-known openid-configuration 检索文档
【发布时间】:2021-11-17 17:08:18
【问题描述】:

我正在尝试在我的 dotnet 核心 Web 应用程序中使用 Azure B2C,以便使用我创建的登录流程。

这些是我的 appsettings.json:

"AzureAdB2C": {
    "Instance": "https://XXXX.b2clogin.com/tfp/",
    "Domain": "XXXX.onmicrosoft.com",
    "ClientId": "<CLIENT_ID>",
    "TenantId": "<TENANT_ID>",
    "CallbackPath": "/signin-oidc",
    "SignInPolicyId": "B2C_1_SignFlow"
 }

这是我的 Startup.cs:

 public void ConfigureServices(
        IServiceCollection services)
    {
        IdentityModelEventSource.ShowPII = true;
        services.AddRepositories(this.Configuration);
        services.AddDbContext<ApplicationDbContext>();
        services.AddServices();

        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
            options.HandleSameSiteCookieCompatibility();
        });

        // Configuration to sign-in users with Azure AD B2C
        services.AddMicrosoftIdentityWebAppAuthentication(this.Configuration, Constants.AzureAdB2C);

        services.AddRazorPages();

        services.AddControllersWithViews().AddMicrosoftIdentityUI();
        services.AddOptions();
        services.Configure<OpenIdConnectOptions> (this.Configuration.GetSection("AzureAdB2C"));

    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(
        IApplicationBuilder app,
        IWebHostEnvironment env,
        ILogger<Startup> logger)
    {

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }

        using (var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope())
        {
            logger.LogInformation("Starting Migration");
            using var context = serviceScope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
            context.Database.Migrate();
            logger.LogInformation("Finished Migration");
        }
        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                "default",
                "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapRazorPages();
        }

        );
    }

问题:每次我启动应用程序时,都会收到以下错误:

System.IO.IOException: IDX20807: Unable to retrieve document from: 'https://XXXX.b2clogin.com/<TENANT_ID>/v2.0/.well-known/openid-configuration'. HttpResponseMessage: 'StatusCode: 404, ReasonPhrase: 'Not Found', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
  X-Frame-Options: DENY
  ...
  Content-Type: text/html
  Content-Length: 103
 }', HttpResponseMessage.Content: 'The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.'.

如果我只是想使用 Microsoft 身份验证,并将我的实例名称设置为 https://login.microsoftonline.com/,那么一切都会按预期工作。这只发生在我尝试使用用户流时。

如果我尝试从 appsettings.json 中删除 TenantId,我会收到一条消息说它是必需的:The 'TenantId' option must be provided

有什么想法吗?

谢谢!

【问题讨论】:

    标签: azure .net-core azure-active-directory openid


    【解决方案1】:

    您可能需要在 appsettings.json 中添加“Authority”。这是元数据网址

    (权限格式:“https://.b2clogin.com/.onmicrosoft.com/B2C_1_signupsignin1/v2.0/.well-known/openid-configuration”)

    "AzureAdB2C": { 
    
        "Authority":"https://<tenantname>.b2clogin.com/tfp/{tenantName}.onmicrosoft.com/B2C_1_{signup_policy}/v2.0/ ", 
    
       
     "Instance": "https://XXXX.b2clogin.com/tfp/", 
    
        "Domain": "XXXX.onmicrosoft.com", 
    
        "ClientId": "<CLIENT_ID>", 
    
        "TenantId": "<TENANT_ID>", 
    
        "CallbackPath": "/b2csignin", 
    
        "SignInPolicyId": "B2C_1_SignFlow" 
    
     }, 
    
     
    

    并在门户/代码中提供通用发行者 url,如下所示

    https:// <domain>/tfp/<tenantId>/v2/  
    

    (或) 政策特定发行人

    https:// <domain>/tfp/<tenantId>/b2c_1_ policy/v2/ 
    

    参考文献

    1. getting-error-when-trying-to-secure-aspnet-core-web-api-
    2. azure-ad-b2c-issuer-url-in-the-portal

    【讨论】:

      猜你喜欢
      • 2019-05-19
      • 2020-04-02
      • 2016-10-08
      • 2018-05-10
      • 2019-02-08
      • 2020-06-29
      • 2022-01-08
      • 2021-09-09
      • 2021-01-18
      相关资源
      最近更新 更多