Add Multiple B2C Authentication in ASP.NET Core
I have a project in ASP.NET Core 3.1 using B2C authentication. I have configured the authentication's configuration like this:
    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options => Configuration.Bind("A", options));
Where "A" is my JSON with my B2C information, like client ID, tenant ID, etc.
The JSON looks like this:
    "A": {
        "Instance": "https://A.b2clogin.com/tfp/",
        "ClientId": "359fes9e-42a0-4c13-8693-961f6f6f0f79",
        "CallbackPath": "/signin-oidc",
        "Domain": "A.onmicrosoft.com",
        "SignUpSignInPolicyId": "B2C_1A_signup_signin"
    },
    "B": {
        "Instance": "https://B.b2clogin.com/tfp/",
        "ClientId": "359fes9e-42a0-4c13-8693-96fejoff0f79",
        "CallbackPath": "/signin-oidc",
        "Domain": "A.onmicrosoft.com",
        "SignUpSignInPolicyId": "B2C_1B_signup_signin"
    },
I want to switch my B2C authentication config (for example, JSON A to JSON B).
Tested:
I have tested setting two B2C in my startup.cs like this:
    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options => Configuration.Bind("A", options))
        .AddAzureADB2C(options => Configuration.Bind("B", options));
It doesn't work...
And I have tested setting up authentication with OpenID Connect like this:
    services.AddAuthentication()
        .AddOpenIdConnect("A", options => {
            options.Authority = A.Authority;
            options.CallbackPath = A.CallbackPath;
            options.ClientId = A.ClientID;
        })
        .AddOpenIdConnect("B", options => {
            options.Authority = B.Authority;
            options.CallbackPath = B.CallbackPath;
            options.ClientId = B.ClientID;
        });
And this solution does not work either.
If you have a solution or documentation that explains my problem, thanks in advance!
Corentin
If I understand your requirement, you need to accept tokens from multiple sign-in policies. We had this same requirement as well; to solve it, we abandoned the out-of-the-box helpers and created our own. The issue you will face using the out-of-the-box extensions is twofold: one, the underlying code does not allow multiple elements, and the other is that the signing keys will differ from policy to policy. To get around that, we basically call the well-known endpoint for each policy (standard format; if you have the policy name, the URL is easy to build), then we grab the signing keys and insert them into an array. We use that to create the TokenValidationParameters object that is then used in the services.AddAuthentication().AddJwtBearer call for the jwtOptions.TokenValidationParameters. If you still need this answer, I can probably sanitize the code enough to share.
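A sketch of the approach the answer describes, added here as an example; it is not the answerer's code, which was never posted. The helper name `AddMultiPolicyB2CJwt` is hypothetical, the section names come from the question's JSON, and the metadata URL layout (`{Instance}/{Domain}/{policy}/v2.0/.well-known/openid-configuration`) is an assumption based on the standard B2C format.

```csharp
using System.Collections.Generic;
using System.Threading;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

public static class MultiPolicyB2CExtensions // hypothetical helper, not a library API
{
    public static IServiceCollection AddMultiPolicyB2CJwt(
        this IServiceCollection services, IConfiguration config, params string[] sections)
    {
        var issuers = new List<string>();
        var audiences = new List<string>();
        var keys = new List<SecurityKey>();
        foreach (var name in sections)
        {
            var s = config.GetSection(name);
            // Assumed authority layout: {Instance}/{Domain}/{policy}/v2.0
            var authority = $"{s["Instance"].TrimEnd('/')}/{s["Domain"]}/{s["SignUpSignInPolicyId"]}/v2.0";
            var manager = new ConfigurationManager<OpenIdConnectConfiguration>(
                authority + "/.well-known/openid-configuration",
                new OpenIdConnectConfigurationRetriever());
            // Blocking fetch, once at startup: each policy publishes its own key set.
            var oidc = manager.GetConfigurationAsync(CancellationToken.None).GetAwaiter().GetResult();
            issuers.Add(oidc.Issuer);
            audiences.Add(s["ClientId"]);
            keys.AddRange(oidc.SigningKeys);
        }
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(jwtOptions =>
            {
                jwtOptions.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKeys = keys,       // union of every policy's keys
                    ValidateIssuer = true,
                    ValidIssuers = issuers,         // read from metadata, validation stays on
                    ValidateAudience = true,
                    ValidAudiences = audiences,     // the ClientId of each section
                    ValidateLifetime = true
                };
            });
        return services;
    }
}
```

Call it from `ConfigureServices` as `services.AddMultiPolicyB2CJwt(Configuration, "A", "B")`. Keys are captured once at startup, so a B2C key rollover is only picked up after a restart, and any listed issuer is accepted together with any listed audience.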