ASP Net Core call Azure B2C policy

I've spent a couple of days trying to figure out how to properly call Azure B2C policy/user flows from ASP Net Core. We are able to call the B2C sign in and sign up custom policy.

We have implemented the same approach for Change Password and other custom policies created. However, when we call other custom policies (not included in the code below but same implementation), we encounter different errors. New errors are coming up whenever we fix the error.

This leads me to think that we are not calling B2C custom policies/user flows the proper way. May I know if the code below is correct, or maybe you can suggest a better way to do it.

Thank you.

Startup.cs

    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => HostingEnvironment.IsProduction();
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect("B2C_1A_SignIn", options =>
        {
            options.Authority = $"https://{Configuration["B2C_1A_SignIn:Domain"]}";
            options.MetadataAddress = $"https://{Configuration["B2C_1A_SignIn:MetadataAddress"]}";

            // Configure the B2C application's client ID and client secret
            options.ClientId = Configuration["B2C_1A_SignIn:ClientId"];
            options.ClientSecret = Configuration["B2C_1A_SignIn:ClientSecret"];

            // Set response type to id_token
            options.ResponseType = OpenIdConnectResponseType.IdToken;

            // Configure the scope
            options.Scope.Clear();
            options.Scope.Add("openid");

            // Set the callback path on which the OpenID Connect handler receives the response
            // Also ensure that the URL is registered as a redirect URI for the application
            options.CallbackPath = new PathString("/Home");

            // Set the claims issuer name to the policy name
            options.ClaimsIssuer = "B2C_1A_SignIn";

            // Saves tokens to the AuthenticationProperties
            options.SaveTokens = true;
        })
        .AddOpenIdConnect("B2C_1A_ChangePassword", options =>
        {
            options.Authority = $"https://{Configuration["B2C_1A_ChangePassword:Domain"]}";
            options.MetadataAddress = $"https://{Configuration["B2C_1A_ChangePassword:MetadataAddress"]}";
            options.ClientId = Configuration["B2C_1A_ChangePassword:ClientId"];
            options.ClientSecret = Configuration["B2C_1A_ChangePassword:ClientSecret"];
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.CallbackPath = new PathString("/Home");
            options.ClaimsIssuer = "B2C_1A_ChangePassword";
            options.SaveTokens = true;
        });
    }

HomeController.cs

    public async Task SignIn()
    {
        await HttpContext.ChallengeAsync("B2C_1A_SignIn", new AuthenticationProperties() { RedirectUri = "/home" });
    }

    [Authorize]
    public async Task ChangePassword()
    {
        await HttpContext.ChallengeAsync("B2C_1A_ChangePassword", new AuthenticationProperties() { RedirectUri = "/home" });
    }

Your callback paths probably need to be changed at least. Specify callback paths like /signin-callback and /change-pw-callback.

They don't need to match actions in your app. The authentication schemes will usually issue a "local redirect" to the URL you specified (or the current URL) after you are redirected back to your app.
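
The answer's suggestion applied to the question's configuration, as an added example that is not part of the original post. The `B2CPolicySchemes` class and `AddB2CPolicies` method are hypothetical names; the configuration keys and policy names are the ones from the question, and the callback paths are the ones the answer proposes.

```csharp
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical helper: registers one OpenID Connect scheme per B2C policy,
// each with a dedicated callback path that no other scheme or MVC action uses.
public static class B2CPolicySchemes
{
    // Policy name (also used as scheme name) -> callback path owned by that scheme.
    private static readonly Dictionary<string, string> CallbackPaths =
        new Dictionary<string, string>
        {
            ["B2C_1A_SignIn"] = "/signin-callback",
            ["B2C_1A_ChangePassword"] = "/change-pw-callback",
        };

    public static AuthenticationBuilder AddB2CPolicies(
        this AuthenticationBuilder builder, IConfiguration config)
    {
        foreach (var (policy, callbackPath) in CallbackPaths)
        {
            builder.AddOpenIdConnect(policy, options =>
            {
                options.Authority = $"https://{config[$"{policy}:Domain"]}";
                options.MetadataAddress = $"https://{config[$"{policy}:MetadataAddress"]}";
                options.ClientId = config[$"{policy}:ClientId"];
                options.ClientSecret = config[$"{policy}:ClientSecret"];
                options.ResponseType = OpenIdConnectResponseType.IdToken;
                options.Scope.Clear();
                options.Scope.Add("openid");

                // The handler for this scheme only processes responses sent to
                // this path, so each policy's response reaches the scheme that
                // issued the challenge.
                options.CallbackPath = new PathString(callbackPath);

                // After the callback is processed, sign in with the cookie scheme;
                // the user is then redirected to AuthenticationProperties.RedirectUri.
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.SaveTokens = true;
            });
        }
        return builder;
    }
}
```

In `ConfigureServices`, chain `.AddB2CPolicies(Configuration)` after `.AddCookie()`; the controller actions stay as they are, since `RedirectUri = "/home"` is the local redirect target, not the callback. Each callback URL also has to be registered as a redirect URI on the B2C application.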
