使用.NET Core 2的Azure AD B2C Web API

Question

我正在嘗試從均受Azure AD B2C保護的Web應用程序中調用Web API。 該應用程序可以使用Azure登錄頁面正常登錄。 但是，當我在API上調用我的[Authorize]端點時，會收到401未經授權的響應。

我認為使用VS2017和ASP.NET Core 2.1可以立即使用。 創建兩個應用程序時，我分別指定了“個人用戶帳戶”進行身份驗證和“連接到雲中現有的用戶存儲”。 我發現的示例似乎來自.NET Core 1或更舊版本，不再相關或使用不推薦使用的設置。

我在API訪問部分中有該應用程序，其中包含Azure的讀寫作用域。

如何成功授權我的應用程序調用我的API？

這是我的App Startup.cs：

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}

我的應用程式appsettings.json：

{
  "AzureAdB2C": {
    "Instance": "https://myCompanyPassport.b2clogin.com/tfp/",
    "ClientId": "51dde0de-a204-4b67-b890-068846e17ff1",
    "ClientSecret": "------------------------",
    "CallbackPath": "/signin-oidc",
    "Domain": "myCompanyPassport.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_myCompanySignUpSignIn",
    "ResetPasswordPolicyId": "B2C_1_myCompanyPasswordReset",
    "EditProfilePolicyId": "B2C_1_myCompanyProfile",
    "TaskServiceUrl": "https://localhost:44337/",
    "ApiIdentifier": "https://myCompanyPassport.onmicrosoft.com/taskapi",
    "ReadScope": "read",
    "WriteScope": "write"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

這是我的API Startup.cs：

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
        .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseAuthentication();
    app.UseMvc();
}

我的API appsettings.json：

{
  "AzureAdB2C": {
    "Instance": "https://myCompanyPassport.b2clogin.com/tfp/",
    "ClientId": "213764b3-8c2a-4bf6-9e69-355495a8f14e",
    "ClientSecret": "------------------------",
    "Domain": "myCompanyPassport.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_myCompanySignUpSignIn",
    "ReadScope": "read",
    "WriteScope": "write"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Answer 1

你嘗試過這個嗎（addazureadbearer api）

   services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddAzureAdBearer(options => Configuration.Bind("AzureAd", options));