【发布时间】:2021-09-12 13:49:12
【问题描述】:
我能够使用以下代码成功验证控制器内部 Azure AD B2C 颁发的访问令牌:
string discoveryEndpoint = "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/<policyId>/v2.0/.well-known/openid-configuration";
ConfigurationManager<OpenIdConnectConfiguration> configManager = new(discoveryEndpoint, new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration openIdconfig = configManager.GetConfigurationAsync().Result;
TokenValidationParameters validationParameters = new()
{
ValidateAudience = true,
ValidAudience = <ClientId>,
ValidateIssuer = true,
ValidIssuer = openIdconfig.Issuer,
IssuerSigningKeys = openIdconfig.SigningKeys,
ValidateLifetime = true
};
JwtSecurityTokenHandler tokenHandler = new();
tokenHandler.ValidateToken(accessToken, validationParameters, out SecurityToken validatedToken);
但不能像这样在 Startup.cs 中设置授权
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(cfg =>
{
<...the same code as above to get issuer and signing keys...>
cfg.TokenValidationParameters = new()
{
ValidateAudience = true,
ValidAudience = <ClientId>,
ValidateIssuer = true,
ValidIssuer = openIdconfig.Issuer,
IssuerSigningKeys = openIdconfig.SigningKeys,
ValidateLifetime = true
};
});
<...>
public void Configure(IApplicationBuilder appBuilder)
{
<...>
appBuilder.UseRouting();
appBuilder.UseAuthorization();
<...>
}
并在我的控制器方法中使用 [Authorize] 属性。在这种情况下,我得到 401 响应。我在这里做错了什么?
【问题讨论】:
标签: c# .net-core jwt authorization azure-ad-b2c