使用.NET Core 2的Azure AD B2C Web API

Question

我正在尝试从均受Azure AD B2C保护的Web应用程序中调用Web API。 该应用程序可以使用Azure登录页面正常登录。 但是，当我在API上调用我的[Authorize]端点时，会收到401未经授权的响应。

我认为使用VS2017和ASP.NET Core 2.1可以立即使用。 创建两个应用程序时，我分别指定了“个人用户帐户”进行身份验证和“连接到云中现有的用户存储”。 我发现的示例似乎来自.NET Core 1或更旧版本，不再相关或使用不推荐使用的设置。

我在API访问部分中有该应用程序，其中包含Azure的读写作用域。

如何成功授权我的应用程序调用我的API？

这是我的App Startup.cs：

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}

我的应用程式appsettings.json：

{
  "AzureAdB2C": {
    "Instance": "https://myCompanyPassport.b2clogin.com/tfp/",
    "ClientId": "51dde0de-a204-4b67-b890-068846e17ff1",
    "ClientSecret": "------------------------",
    "CallbackPath": "/signin-oidc",
    "Domain": "myCompanyPassport.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_myCompanySignUpSignIn",
    "ResetPasswordPolicyId": "B2C_1_myCompanyPasswordReset",
    "EditProfilePolicyId": "B2C_1_myCompanyProfile",
    "TaskServiceUrl": "https://localhost:44337/",
    "ApiIdentifier": "https://myCompanyPassport.onmicrosoft.com/taskapi",
    "ReadScope": "read",
    "WriteScope": "write"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

这是我的API Startup.cs：

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
        .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseAuthentication();
    app.UseMvc();
}

我的API appsettings.json：

{
  "AzureAdB2C": {
    "Instance": "https://myCompanyPassport.b2clogin.com/tfp/",
    "ClientId": "213764b3-8c2a-4bf6-9e69-355495a8f14e",
    "ClientSecret": "------------------------",
    "Domain": "myCompanyPassport.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_myCompanySignUpSignIn",
    "ReadScope": "read",
    "WriteScope": "write"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Answer 1

你尝试过这个吗（addazureadbearer api）

   services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddAzureAdBearer(options => Configuration.Bind("AzureAd", options));