
Asp.Net Core 2.0 and Azure AD B2C for authentication on WebApp and API

I have an existing small app that I use for test, it is in Asp.Net Core 1.1 for both the Web App and the API, the authentication is done using Azure AD B2C. I am trying to move it to .Net Core 2.0 but I can't figure how to get it working, I tried using both sample from GitHub Azure-Samples for Web App and API, but I have either an unauthorized or 500 error when trying to access the api, if you have a working example for calling a web api from a web app using 2.0 and protected by AD B2C it will be greatly appreciated.

Edit: The samples I use to test are: Web App: WebApp-OpenIDConnect-DotNet core2.0, Web API: B2C-WebApi core2.0. I changed the appsettings values to match my B2C directory.

For my ASP.NET Core 1.1 test app I use the same samples as above but from the master branch, with the same values for appsettings.

Edit 2: by default, in Startup.cs I have this:

        services.AddAuthentication()
            .AddJwtBearer(option => new JwtBearerOptions
            {
                Authority = string.Format("https://login.microsoftonline.com/tfp/{0}/{1}/v2.0/",
                Configuration["Authentication:AzureAd:Tenant"], Configuration["Authentication:AzureAd:Policy"]),
                Audience = Configuration["Authentication:AzureAd:ClientId"],
                Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = AuthenticationFailed
                }
            });

which gives me the following error:

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44352/api/values/5
Microsoft.AspNetCore.Server.Kestrel:Error: Connection id "0HL89JHF4VBLM", Request id "0HL89JHF4VBLM:00000001": An unhandled exception was thrown by the application. System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

If I modify services.AddAuthentication like this:

        services.AddAuthentication(sharedOption =>
        {
            sharedOption.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })

the error is now:

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Failed to validate the token xxx. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. No security keys were provided to validate the signature. at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.d__6.MoveNext()

I saw a pull request on the sample which corrects this issue (Link); the services.AddAuthentication call must be changed to:

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(jwtOptions =>
            {
                jwtOptions.Authority = $"https://login.microsoftonline.com/tfp/{Configuration["Authentication:AzureAd:Tenant"]}/{Configuration["Authentication:AzureAd:Policy"]}/v2.0/";
                jwtOptions.Audience = Configuration["Authentication:AzureAd:ClientId"];
                jwtOptions.Events = new JwtBearerEvents
                {
                    OnAuthenticationFailed = AuthenticationFailed
                };
            });
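The following is an added example, not code from the question or from the Azure-Samples repositories, showing a complete ConfigureServices for the protected API in ASP.NET Core 2.0. It assumes the same appsettings keys as above (Authentication:AzureAd:Tenant, Policy, ClientId), an ILoggerFactory injected into Startup, and an assumed ASP.NET Core 2.0 project; the comments explain why the original `option => new JwtBearerOptions { ... }` lambda produced the IDX10500 error.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _configuration;   // assumed: injected by the host
    private readonly ILogger _logger;                 // assumed: created from the host's ILoggerFactory

    public Startup(IConfiguration configuration, ILoggerFactory loggerFactory)
    {
        _configuration = configuration;
        _logger = loggerFactory.CreateLogger<Startup>();
    }

    public void ConfigureServices(IServiceCollection services)
    {
        var tenant = _configuration["Authentication:AzureAd:Tenant"];
        var policy = _configuration["Authentication:AzureAd:Policy"];
        var clientId = _configuration["Authentication:AzureAd:ClientId"];

        services.AddAuthentication(options =>
            {
                // An API has no cookie/OIDC handler, so both defaults must name the bearer
                // handler; leaving them unset causes "no DefaultChallengeScheme found".
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(jwtOptions =>
            {
                // Configure the instance the framework passes in. Returning a fresh
                // `new JwtBearerOptions { ... }` from this lambda (the original code) is
                // discarded: the handler then has no Authority, downloads no signing keys,
                // and rejects every token with IDX10500 "No security keys were provided".
                jwtOptions.Authority = $"https://login.microsoftonline.com/tfp/{tenant}/{policy}/v2.0/";
                jwtOptions.Audience = clientId;   // becomes ValidAudience at post-configure time
                jwtOptions.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,            // issuer and keys come from the policy's metadata
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true
                };
                jwtOptions.Events = new JwtBearerEvents { OnAuthenticationFailed = AuthenticationFailed };
            });

        // Deny-by-default: every controller requires an authenticated caller unless marked [AllowAnonymous].
        var authPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
        services.AddMvc(config => config.Filters.Add(new AuthorizeFilter(authPolicy)));
    }

    private Task AuthenticationFailed(AuthenticationFailedContext context)
    {
        // Log only the failure type; the raw bearer token must never reach the logs.
        _logger.LogWarning("Bearer token rejected: {Reason}", context.Exception.GetType().Name);
        return Task.CompletedTask;
    }
}
```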

I got this example working both for Core 1.1 and Core 2.0; please add the OAuth authentication as below:

        services.AddAuthentication(sharedOptions =>
            {
                sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddAzureAdB2C(options => Configuration.Bind("Authentication:AzureAdB2C", options));

Your configuration options will be defined inside the class "AzureAdB2CAuthenticationBuilderExtensions", which is found inside the Azure B2C project.

Looks like your token is not being updated from Azure. Are you able to get the token from your web app? Could you please verify that you are not getting null?

Did you register your API scopes on your Azure B2C tenant web app? "ApiScopes": "https://fabrikamb2c.onmicrosoft.com/demoapi/demo.read"

You have to set the scope in your web API and allow it to be read on the web app; please click the link in order to set it up.
