问题描述
我想在azure中创建一个应用程序(简单的asp.net mvc应用程序),使用户保持天蓝色,而我想通过azure b2c完成它。
我在azure中注册了应用程序,并将所有配置都放入appsettings.json中,我注意到的是,应用程序生成的网址与azure中的网址不匹配:
这是来自应用程序:
'https://isthereanynewscodeblast.b2clogin.com/isthereanynewscodeblast.onmicrosoft.com/B2C_1_eclaims_login/v2.0/.well-kNown/openid-configuration'
来自B2C:
'https://isthereanynewscodeblast.b2clogin.com/isthereanynewscodeblast.onmicrosoft.com//v2.0/.well-kNown/openid-configuration'
相似但不相同。我发现该方法由AzureADB2copenIdConnectOptionsConfiguration生成了该网址:
internal static string BuildAuthority(AzureADB2coptions AzureADB2coptions)
{
var baseUri = new Uri(AzureADB2coptions.Instance);
var pathBase = baseUri.PathAndQuery.TrimEnd('/');
var domain = AzureADB2coptions.Domain;
var policy = AzureADB2coptions.DefaultPolicy;
return new Uri(baseUri,new PathString($"{pathBase}/{domain}/{policy}/v2.0")).ToString();
}
这是我的.json
"AzureAdB2C": {
"Instance": "https://isthereanynewscodeblast.b2clogin.com","Domain": "isthereanynewscodeblast.onmicrosoft.com","ClientId": "guid-of-client","CallbackPath": "/signin-oidc","SignUpSignInPolicyId": "B2C_1_eclaims_login ","ResetPasswordPolicyId": "B2C_1_eclaims_reset","EditProfilePolicyId": "B2C_1_eclaims_edit"
},哪个与AAD中的不匹配:(
代码来自一个小块:Microsoft.AspNetCore.Authorization
它既不是受保护的也不是虚拟的,所以我看不到任何替代它的选项。
所以我的问题是:
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
.AddAzureADB2C(options =>
{
Configuration.Bind("AzureAdB2C",options);
});
//编辑:
这是来自申请注册的清单:
{
"id": "438a430b-4e80-4c6c-8f45-dfca460b2e03","acceptMappedClaims": null,"accesstokenAcceptedVersion": 2,"addIns": [],"allowPublicclient": null,"appId": "44234136-6eee-431f-98ea-668343d7a3fd","appRoles": [],"oauth2AllowUrlPathMatching": false,"createdDateTime": "2020-08-18T22:32:28Z","groupMembershipClaims": null,"identifierUris": [],"informationalUrls": {
"termsOfService": null,"support": null,"privacy": null,"marketing": null
},"keyCredentials": [],"kNownClientApplications": [],"logoUrl": null,"logoutUrl": null,"name": "user-log-test","oauth2AllowIdTokenImplicitFlow": false,"oauth2AllowImplicitFlow": false,"oauth2Permissions": [],"oauth2RequirePostResponse": false,"optionalClaims": null,"orgRestrictions": [],"parentalControlSettings": {
"countriesBlockedForMinors": [],"legalAgeGroupRule": "Allow"
},"passwordCredentials": [],"preAuthorizedApplications": [],"publisherDomain": "isthereanynewscodeblast.onmicrosoft.com","replyUrlsWithType": [
{
"url": "https://localhost:44395/signin-oidc","type": "Web"
}
],"requiredResourceAccess": [
{
"resourceAppId": "00000003-0000-0000-c000-000000000000","resourceAccess": [
{
"id": "37f7f235-527c-4136-accd-4a02d197296e","type": "Scope"
},{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182","type": "Scope"
}
]
}
],"samlMetadataUrl": null,"signInUrl": null,"signInAudience": "AzureADandPersonalMicrosoftAccount","tags": [],"tokenEncryptionKeyId": null
}
解决方法
能否请您尝试使用此b2c sample app,这将使您了解如何使用b2c点。它带有预配置的端点(如下),您可以在以后用租户和策略替换这些端点以进行测试。
{
"AzureAdB2C": {
"Instance": "https://fabrikamb2c.b2clogin.com","ClientId": "90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6","Domain": "fabrikamb2c.onmicrosoft.com","SignedOutCallbackPath": "/signout/B2C_1_susi","SignUpSignInPolicyId": "b2c_1_susi","ResetPasswordPolicyId": "b2c_1_reset","EditProfilePolicyId": "b2c_1_edit_profile"
},"Logging": {
"LogLevel": {
"Default": "Information","Microsoft": "Warning","Microsoft.Hosting.Lifetime": "Information"
}
},"AllowedHosts": "*"
}
我看到了您的应用清单文件,发现您尚未启用隐式流程。请选择应用,然后转到“身份验证”,然后选择 ID令牌和访问令牌。
我尝试了@Razi共享的示例,并且端到端运行良好。