How to validate Azure AD B2C token from query string in Asp.net Core?
I have an asp.net web api application with some controllers and a signalR hub. JWT token validation with Azure AD B2C is configured like this:
    services.AddAuthentication(AzureADB2CDefaults.JwtBearerAuthenticationScheme)
        .AddAzureADB2CBearer(options => _configuration.Bind("AzureAdB2C", options));
This works fine with controllers, and I don't have to worry about the intricacies of Azure AD B2C token validation.
Now, for the signalR hub to support Web Sockets or Server-sent events, the authentication token should be read from the querystring. I'm supposed to handle the OnMessageReceived event like this:
    services.AddAuthentication(...)
        .AddJwtBearer(options =>
        {
            options.Events = new JwtBearerEvents
            {
                OnMessageReceived = context =>
                {
                    var accessToken = context.Request.Query["access_token"];
                    // If the request is for our hub...
                    var path = context.HttpContext.Request.Path;
                    if (!string.IsNullOrEmpty(accessToken) &&
                        (path.StartsWithSegments("/hubs/chat")))
                    {
                        // Read the token out of the query string
                        context.Token = accessToken;
                    }
                    return Task.CompletedTask;
                }
            };
        });
Unfortunately, the AzureAdB2COptions object does not give me access to the authentication events.
How can I reconcile both approaches?

Maybe get a little more manual by writing your own AuthenticationHandler. You can use the IServiceCollection extensions of .AddAuthorization and .AddAuthentication to write your own logic that does the things that are supposed to happen.
What I find with C# in a post-dotnet core world: use as little of their framework as is necessary to hook in to it. The framework stuff is all janky and brittle, and in 5 years when they've redone it all 3 times nobody will be able to maintain the bizarre 5-year-old fluent builder stuff in every Startup.cs.
Writing your own AuthenticationHandler is a good compromise between using a single-line fluent builder extension method vs. completely ignoring the entire framework and writing your own framework that uses logic and reason.