Azure b2c authorization return 401 (Unauthorized) in Blazor WASM
I'm using Azure AD B2C as the authentication provider for ASP.NET Blazor WASM application and API.
So the problem is that I'm not able to access the API endpoints from the client, which is Blazor WASM. When I make the request to the API I get 401 (Unauthorized) response.
Here is the console error
crit: Microsoft.AspNetCore.Components.WebAssembly.Rendering.WebAssemblyRenderer[100]
Unhandled exception rendering component: Response status code does not indicate success: 401 (Unauthorized).
System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at System.Net.Http.Json.HttpClientJsonExtensions.<GetFromJsonAsyncCore>d__13`1[[Organizer.Web.Shared.Models.SuccessResultModel`1[[Organizer.Web.Shared.DTOs.UserDto, Organizer.Web.Shared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]], Organizer.Web.Shared, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]].MoveNext()
at Organizer.Web.Pages.Authentication.AccountProfile.OnInitializedAsync() in A:\Software_Development\2022\Organizer\Organizer.Web.Pages\Authentication\AccountProfile.razor.cs:line 57
at Microsoft.AspNetCore.Components.ComponentBase.RunInitAndSetParametersAsync()
at Microsoft.AspNetCore.Components.RenderTree.Renderer.GetErrorHandledTask(Task taskToHandle, ComponentState owningComponentState)
Blazor Client Appsettings and Program.cs
builder.Services.AddHttpClient("Organizer.API", client => client.BaseAddress = new Uri("https://localhost:7149"))
    .AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();
builder.Services.AddScoped(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("Organizer.API"));
builder.Services.AddMsalAuthentication(options =>
{
    builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);
    options.ProviderOptions.DefaultAccessTokenScopes.Add(
        "https://mydomain.onmicrosoft.com/60dbe9eb-056c-400d-a98d-c5c95b2bb000/Data.Read");
    options.ProviderOptions.LoginMode = "redirect";
});
{
  "AzureAdB2C": {
    "Authority": "https://mydomain.b2clogin.com/mydomain.onmicrosoft.com/B2C_1_susi",
    "ClientId": "f2161189-4bc6-4c26-99ae-a82b6729ab33",
    "ValidateAuthority": false
  }
}
API
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAdB2C"));
"AzureAdB2C": {
  "Instance": "https://mydomain.b2clogin.com/",
  "ClientId": "60dbe9eb-056c-400d-a98d-c5c95b4bb176",
  "Domain": "mydomain.onmicrosoft.com",
  "TenantId": "1a5a2799-8dde-4236-901f-c37b3d2b9b39",
  "Scopes": "Data.Read",
  "SignUpSignInPolicyId": "B2C_1_susi",
  "CallbackPath": "/authentication/login-callback"
}
Note: I have changed the guids and URLs for security reasons.
options.ProviderOptions.DefaultAccessTokenScopes.Add("https://{TENANT}.onmicrosoft.com/{ API app CLIENTID OR custom value}/{DEFAULT Scope}");
For ex:
.Add("https://contoso.onmicrosoft.com/41xxxa7xxxx-4xxx3-8fxx-6xxxxxxxfd/API.Access");
And then please try if you can set API app for a matching audience
in the API app settings file (appsettings.json) which is nothing but "Audience": https://{TENANT}.onmicrosoft.com/{ API APP CLIENT ID OR CUSTOM VALUE if present}
Ex:
{
  "AzureAdb2c": {
    "Authority": " ",
    "ClientId": "xxxxxxxxxx1fdxx",
    "ValidateAuthority": true,
    "Audience": "https://contoso.onmicrosoft.com/<client/appId>"
    ...
  }
}
the end of the Audience need not be scope /{DEFAULT SCOPE}.
API permissions which are required are granted to access web API endpoints.
Reference: Secure an ASP.NET Core Blazor WebAssembly standalone app with Azure Active Directory B2C | Microsoft Docs
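A diagnostic sketch for the scope and audience matching described in the answer above, added here as an example and not part of the original post or of any Microsoft library: it decodes the payload of the access token the client sends and reports when `aud` or `scp` does not match what the API is set up to accept. The GUIDs, the `contoso` tenant and the helper names (`Diagnose`, `MakeSampleToken`, `Base64UrlDecode`) are constructed assumptions, and the accepted-audience list stands in for whatever the API's `ClientId` and `Audience` settings resolve to.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

// Constructed placeholder values; not taken from the page or from a real tenant.
const string ApiClientId = "00000000-0000-0000-0000-000000000001";
string[] accepted = { ApiClientId, "https://contoso.onmicrosoft.com/" + ApiClientId };
// Constructed unsigned token whose aud belongs to a different app registration.
string token = MakeSampleToken(new { aud = "00000000-0000-0000-0000-000000000002", scp = "Data.Read" });

foreach (var problem in Diagnose(token, accepted, "Data.Read"))
    Console.WriteLine(problem);

// Reads aud/scp WITHOUT verifying the signature: for diagnostics only, never for authorization.
static List<string> Diagnose(string jwt, string[] acceptedAudiences, string requiredScope)
{
    var problems = new List<string>();
    var parts = jwt.Split('.');
    if (parts.Length != 3) { problems.Add("not a compact JWT (expected 3 segments)"); return problems; }
    using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Base64UrlDecode(parts[1])));
    var root = doc.RootElement;

    // "aud" may be a single string or an array of strings.
    var aud = new List<string>();
    if (root.TryGetProperty("aud", out var a))
        aud.AddRange(a.ValueKind == JsonValueKind.Array
            ? a.EnumerateArray().Select(x => x.GetString() ?? "")
            : new[] { a.GetString() ?? "" });
    if (!aud.Any(v => acceptedAudiences.Contains(v)))
        problems.Add("aud [" + string.Join(", ", aud) + "] is not an audience the API accepts");

    // "scp" carries the granted scopes as short names separated by spaces.
    var scp = root.TryGetProperty("scp", out var s) ? (s.GetString() ?? "").Split(' ') : Array.Empty<string>();
    if (!scp.Contains(requiredScope))
        problems.Add("scp does not contain '" + requiredScope + "'");
    return problems;
}

static byte[] Base64UrlDecode(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));

static string MakeSampleToken(object payload)
{
    static string Enc(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    return Enc("{\"alg\":\"none\"}") + "." + Enc(JsonSerializer.Serialize(payload)) + ".sig";
}
```

To check a real request, replace the constructed token with the bearer value from the browser's network tab and the accepted list with the values from the API's own configuration.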