How to validate Azure AD B2C token from query string in Asp.net Core?


Problem description

I have an ASP.NET Web API application with some controllers and a SignalR hub. JWT token validation with Azure AD B2C is configured like this:

services.AddAuthentication(AzureADB2CDefaults.JwtBearerAuthenticationScheme)
        .AddAzureADB2CBearer(options => _configuration.Bind("AzureAdB2C", options));

This works fine with controllers, and I don't have to worry about the intricacies of Azure AD B2C token validation.

Now, for the SignalR hub to support Web Sockets or Server-sent events, the authentication token should be read from the query string. I'm supposed to handle the OnMessageReceived event like this:

services.AddAuthentication(...)
    .AddJwtBearer(options =>
        {
            options.Events = new JwtBearerEvents
            {
                OnMessageReceived = context =>
                {
                    var accessToken = context.Request.Query["access_token"];

                    // If the request is for our hub...
                    var path = context.HttpContext.Request.Path;
                    if (!string.IsNullOrEmpty(accessToken) &&
                        (path.StartsWithSegments("/hubs/chat")))
                    {
                        // Read the token out of the query string
                        context.Token = accessToken;
                    }
                    return Task.CompletedTask;
                }
            };
        });

Unfortunately, the AzureAdB2COptions object does not give me access to the authentication events.

How can I reconcile the two approaches?

Recommended answer

Maybe get a little more manual by writing your own AuthenticationHandler. You can use the IServiceCollection extensions of .AddAuthorization and .AddAuthentication to write your own logic that does the things that are supposed to happen.

What I find with C# in a post-dotnet core world, use as little of their framework as is necessary to hook into it. The framework stuff is all janky and brittle, and in 5 years when they've redone it all 3 times nobody will be able to maintain the bizarre 5-year-old fluent builder stuff in every Startup.cs.

Writing your own AuthenticationHandler is a good compromise between using a single-line fluent builder extension method vs. completely ignoring the entire framework and writing your own framework that uses logic and reason.
