登录到ASP.Net Core Web应用程序->使用Azure AD B2C的具有单个用户帐户的API [英] Sign in to ASP.Net Core Web Application -> API with Individual User Accounts using Azure AD B2C

查看：59 发布时间：2021/4/11 18:48:14 c# azure asp.net-core asp.net-core-webapi azure-ad-b2c

本文介绍了登录到ASP.Net Core Web应用程序->使用Azure AD B2C的具有单个用户帐户的API的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我已经使用->个人用户帐户->连接到云中的现有用户存储(Azure AD B2C)，使用ASP.NET Razor页面设置了Web应用程序.

这真的很好，我可以注册并登录该Web应用程序.

但是，当我遵循API指南时，我不知道如何登录.

示例 Controller /weatherforecast在启动Web应用程序时仅返回HTTP 401.

看着文件结构，我也找不到任何线索，但这可能类似于我猜想的脚手架.

如果我从 WeatherForecastController 中注释掉 [Authorize] ，我会收到HTTP 200，所以我需要的只是来自Azure AD B2C的令牌，该令牌将被发送到GET请求中的控制器.

我知道B2C租户和应用程序都可以工作，因为我对API使用的Web应用程序与Web应用程序相同.它是根据Microsoft自己的指南设置的:

因此，第一步是要确保您在 Published scopes :

下具有您的Azure AD B2C应用程序的读取范围:

然后在 API访问权限下添加具有读取范围的应用程序.

然后以这种格式执行GET请求，最简单的测试方法是在Chrome或任何其他浏览器中使用它:

  https://<租户名称> .b2clogin.com/tfp/<租户名称> .onmicrosoft.com/<政策名称>/oauth2/v2.0/授权?client_id =<应用程序ID>& nonce = anyRandomValue& redirect_uri = https://jwt.ms& scope = https://< tenant-name> .onmicrosoft.com/api/read& response_type =代码

确保 redirect_uri 以 Reply URL 的形式显示在您的应用程序中.

这应该为您提供类似 https://jwt.ms/?code = ... 或 https//localhost:44376/signin-oidc?code = ，具体取决于 redirect_uri .Microsoft示例使用 https://jwt.ms ，但我更喜欢将代码保留在我控制的域上.

我从Postman复制代码参数中的值，然后执行POST请求.

  POST< tenant-name> .onmicrosoft.com/oauth2/v2.0/token?p =< policy-name>HTTP/1.1主机:< tenant-name> .b2clogin.com内容类型:application/x-www-form-urlencodedgrant_type =授权码& client_id =<应用程序ID>& scope = https://< tenant-name> .onmicrosoft.com/api/read& code = eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC ...& redirect_uri = https://jwt.ms& client_secret =< app-key>

client_secret 来自密钥:

正确的响应应如下所示:

然后，您可以复制 access_token 的值，并使用 Bearer Authorization 访问本地API.要查看您的 access_token 的内容，您可以将值复制到 https://jwt.ms/

I have set up a Web Application with ASP.NET Razor Pages with -> Individual User Accounts -> Connect to an existing user store in the cloud (Azure AD B2C).

This works really well and I could both sign up and sign in to the web application.

However when I follow the guide for API I don't understand how to sign in.

The example Controller /weatherforecast simply returns a HTTP 401 when the web application is started.

Looking at the file structure I can't find any clues either but this could be similar to scaffolding I guess.

https://stackoverflow.com/a/50677133/3850405

If I comment out [Authorize] from WeatherForecastController I get a HTTP 200 so what I need is probably just a token from Azure AD B2C that is being sent to the Controller in the GET request.

I know that the B2C tenant and application work since I use the same application for the API as I did with the Web Application. It was set up using Microsofts own guide:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant

解决方案

Update 2020-07-27:

Applications are now Legacy and App registrations should be used instead. See this guide:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-register-applications?tabs=app-reg-ga#register-a-web-application

Old:

Fixed it using these guides:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview https://docs.microsoft.com/en-us/azure/active-directory-b2c/access-tokens

I had some trouble where I got the error "AADB2C90205: This application does not have sufficient permissions against this web resource to perform the operation. numerous times. Turned out I had not declared the correct scopes for the application.

First step is therefore to make sure you have a read scope for your Azure AD B2C application under Published scopes:

Then under API access add your application with the scope read.

Then perform a GET request with this format, simplest way to test is to use it in Chrome or any other browser:

https://<tenant-name>.b2clogin.com/tfp/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize?
client_id=<application-ID>
&nonce=anyRandomValue
&redirect_uri=https://jwt.ms
&scope=https://<tenant-name>.onmicrosoft.com/api/read
&response_type=code

Make sure the redirect_uri is present as Reply URL for your application.

This should give you a result like after logging in like https://jwt.ms/?code=... or https//localhost:44376/signin-oidc?code= depending on redirect_uri. Microsoft example uses https://jwt.ms but I prefer to keep my codes on domains that I control.

Copy the value from code parameter and then perform a POST request, I use Postman.

POST <tenant-name>.onmicrosoft.com/oauth2/v2.0/token?p=<policy-name> HTTP/1.1
Host: <tenant-name>.b2clogin.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&client_id=<application-ID>
&scope=https://<tenant-name>.onmicrosoft.com/api/read
&code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMC...
&redirect_uri=https://jwt.ms
&client_secret=<app-key>

client_secret is from Keys:

Correct response should look like this:

Then you can copy the value for access_token and access your local API with Bearer Authorization. To see the content of your access_token you can copy the value to https://jwt.ms/

这篇关于登录到ASP.Net Core Web应用程序->使用Azure AD B2C的具有单个用户帐户的API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

登录到ASP.Net Core Web应用程序->使用Azure AD B2C的具有单个用户帐户的API [英] Sign in to ASP.Net Core Web Application -> API with Individual User Accounts using Azure AD B2C

问题描述

相关文章

C#/.NET最新文章

热门教程

热门工具

登录关闭

登录到ASP.Net Core Web应用程序->使用Azure AD B2C的具有单个用户帐户的API [英] Sign in to ASP.Net Core Web Application -&gt; API with Individual User Accounts using Azure AD B2C

问题描述

相关文章

C#/.NET最新文章

热门教程

热门工具

登录 关闭

登录到ASP.Net Core Web应用程序->使用Azure AD B2C的具有单个用户帐户的API [英] Sign in to ASP.Net Core Web Application -> API with Individual User Accounts using Azure AD B2C

登录关闭