【问题标题】:How to validate Azure B2C access token using Authorization in .Core application如何在 .Core 应用程序中使用授权验证 Azure B2C 访问令牌
【发布时间】:2021-09-12 13:49:12
【问题描述】:

我能够使用以下代码成功验证控制器内部 Azure AD B2C 颁发的访问令牌:

string discoveryEndpoint = "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policyId>/v2.0/.well-known/openid-configuration";
ConfigurationManager<OpenIdConnectConfiguration> configManager = new(discoveryEndpoint, new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration openIdconfig = configManager.GetConfigurationAsync().Result;
TokenValidationParameters validationParameters = new()
{
    ValidateAudience = true,
    ValidAudience = <ClientId>,
    ValidateIssuer = true,
    ValidIssuer = openIdconfig.Issuer,
    IssuerSigningKeys = openIdconfig.SigningKeys,
    ValidateLifetime = true
};
JwtSecurityTokenHandler tokenHandler = new();
tokenHandler.ValidateToken(accessToken, validationParameters, out SecurityToken validatedToken);

但不能像这样在 Startup.cs 中设置授权

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
   .AddJwtBearer(cfg =>
   {
       <...the same code as above to get issuer and signing keys...>
       cfg.TokenValidationParameters = new()
       {
          ValidateAudience = true,
          ValidAudience = <ClientId>,
          ValidateIssuer = true,
          ValidIssuer = openIdconfig.Issuer,
          IssuerSigningKeys = openIdconfig.SigningKeys,
          ValidateLifetime = true
       };
   });
<...>
public void Configure(IApplicationBuilder appBuilder)
{
   <...>
   appBuilder.UseRouting();
   appBuilder.UseAuthorization();
   <...>
}

并在我的控制器方法中使用 [Authorize] 属性。在这种情况下,我得到 401 响应。我在这里做错了什么?

【问题讨论】:

    标签: c# .net-core jwt authorization azure-ad-b2c


    【解决方案1】:

    我会给你一个小费。 在 AddJwtBearer 选项中注册事件

               .AddJwtBearer("JwtBearer", opts =>
               {
                   opts.Authority = GetAuthority(configuration);
                   opts.Audience = configuration["Authentication:AzureAdB2C:ClientId"];
                   opts.TokenValidationParameters = new TokenValidationParameters()
                   {
                       ValidateIssuer = true,
                       ValidIssuer = configuration["Authentication:AzureAdB2C:Issuer"],
                       ValidAudiences = new string[] { opts.Audience },
                       ValidateLifetime = true,
                       NameClaimType = "name",
                   };
    
                   opts.Events = new JwtBearerEvents();
    
                   opts.Events.OnAuthenticationFailed = authFailedContext =>
                   {
                       return Task.CompletedTask;
                   };
                   opts.Events.OnMessageReceived = messageContext =>
                   {
                       return Task.CompletedTask;
                   };
                   opts.Events.OnTokenValidated = tokenValidatedContext =>
                   {
                       return Task.CompletedTask;
                   };
                   opts.Events.OnForbidden = forbiddenContext =>
                   {
                       return Task.CompletedTask;
                   };
               });
    

    并检查/记录天蓝色验证上下文。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2019-12-16
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-07-12
      相关资源
      最近更新 更多