在 .net 6 web API 中实现多重授权

Question

I have auth0 authentication implemented for my webAPIs.我为我的 webAPI 实施了 auth0 身份验证。 But now due to some requirement change few of APIs need to be authorized with another scheme.但是现在由于一些要求的变化，很少有 API 需要使用另一种方案进行授权。 So I need below specified different authorization schemes to authorize my API所以我需要下面指定的不同授权方案来授权我的 API

Auth0 scheme (already authorizing api's) Auth0 方案（已经授权 api 的）
Azure AD B2C Azure 广告 B2C

I have implemented Azure AD B2C and which is working fine when used alone but when I am trying to add it enable it with a previous scheme it is causing issues.我已经实施了 Azure AD B2C，它在单独使用时工作正常，但当我尝试添加它时，使用以前的方案启用它会导致问题。

public static IServiceCollection AddSecurityPolicy(this IServiceCollection services, ConfigurationManager config)
        {
            const string ClientPortalScheme = "ClientPortalBearerScheme";
            //from https://auth0.com/blog/securing-aspnet-minimal-webapis-with-auth0/
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.Authority = config["AuthenticationSettings:Domain"];
                options.Audience = config["AuthenticationSettings:Audience"];
            }).AddJwtBearer(ClientPortalScheme, ClientPortalScheme, options =>
            {
                options.Authority = config["AzureADB2CSettings:Domain"];
                options.Audience = config["AzureADB2CSettings:Tenant"];
            });
            //services.AddMicrosoftIdentityWebApiAuthentication(config, "AzureADB2CSettings");

            //By default, require an authenticated user
            //Only one JWT bearer authentication is registered with the default authentication scheme JwtBearerDefaults.AuthenticationScheme.
            //Additional authentication has to be registered with a unique authentication scheme.
            //see https://docs.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-6.0
            services.AddAuthorization(options =>
             {
                 var defaultAuthorizationPolicyBuilder = new AuthorizationPolicyBuilder(
                     JwtBearerDefaults.AuthenticationScheme,
                     ClientPortalScheme);
                 defaultAuthorizationPolicyBuilder =
                     defaultAuthorizationPolicyBuilder.RequireAuthenticatedUser();
                 options.DefaultPolicy = defaultAuthorizationPolicyBuilder.Build();
             });

            return services;
        }

This is how my code looks like.这就是我的代码的样子。 Issue is when I am calling my endpoint it says问题是当我打电话给我的端点时它说

Unable to obtain configuration from: 'https://mydomain.auth0.com/.well-known/openid-configuration'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://mydomain.auth0.com/.well-known/openid-configuration'.

Please let me know if any information is required int this regard如果这方面需要任何信息，请告诉我

Answer 1

I tried to reproduce the issue in my environment.我试图在我的环境中重现该问题。

It occurs when app config is not receiving OpenIDmeta data properly当应用程序配置未正确接收 OpenIDmeta 数据时发生

The issue was due to TLS configuration in my case as TLS 1.1 or TLS 1.0 are depreciated.在我的案例中，问题是由于 TLS 配置引起的，因为 TLS 1.1 或 TLS 1.0 已弃用。

Please make sure to set TLS to 1.2 or greater.请确保将TLS 设置为 1.2或更高版本。

System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

Startup.cs启动.cs

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                IdentityModelEventSource.ShowPII = true;
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();
            }
           ......
            System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;;
               ....
            app.UseAuthentication();
            app.UseAuthorization();
          ....

}

Please make sure your backend API refers to /.well-known/openid-configuration Or check this way.请确保您的后端 API 指的是/.well-known/openid-configuration或者这样检查。

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        MetadataAddress = "http[s]://{IdentityServer}/.well-known/openid-configuration"
        ...
    });

In AzureAdB2c make sure to set the Authority or (Domain and instance ) property correctly.在 AzureAdB2c 中，确保正确设置权限或（域和实例）属性。
Authority being the combination of Instance and domain Appsettings.json Authority: https://[yourb2ctenant}.b2clogin.com/{Configuration["AzureAdB2C:Tenant"]}/{Configuration["AzureAdB2C:Policy"]}/v2.0权限是实例和域的组合 Appsettings.json权限： https://[yourb2ctenant}.b2clogin.com/{Configuration["AzureAdB2C:Tenant"]}/{Configuration["AzureAdB2C:Policy"]}/v2.0

Also see if Instance can be https://<tenant>.b2clogin.com/tfp/ Domain : <b2ctenant>.onmicrosoft.com另请参阅实例是否可以是https://<tenant>.b2clogin.com/tfp/ Domain : <b2ctenant>.onmicrosoft.com

Then the authentication can be carried on successfully:然后就可以认证成功了：

在 .net 6 web API 中实现多重授权

问题描述

1 个解决方案

解决方案1
0 2022-12-01 12:55:48

在 .net 6 web API 中实现多重授权

问题描述

1 个解决方案

解决方案1 0 2022-12-01 12:55:48

解决方案1
0 2022-12-01 12:55:48