使用 .NET Core 2 的 Azure AD B2C Web API

Question

我正在尝试从受 Azure AD B2C 保护的 Web 应用调用 Web API。应用程序可以使用 Azure 登录页面正常登录。但是当我在我的 API 上调用我的 [Authorize] 端点时，我得到了 401 未经授权的响应。

我认为这应该可以使用 VS2017 和 ASP.NET Core 2.1 开箱即用。当我创建这两个应用程序时，我指定了“个人用户帐户”进行身份验证和“连接到云中的现有用户存储”。我发现的示例似乎来自 .NET Core 1 或更早版本，不再相关或使用已弃用的设置。

我在 API 访问部分中有应用程序，在 Azure 中具有读写范围。

如何成功授权我的应用调用我的 API？

这是我的 App Startup.cs：

public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
        .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseExceptionHandler("/Home/Error");
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseAuthentication();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{controller=Home}/{action=Index}/{id?}");
    });
}

我的应用 appsettings.json：

{
  "AzureAdB2C": {
    "Instance": "https://myCompanyPassport.b2clogin.com/tfp/",
    "ClientId": "51dde0de-a204-4b67-b890-068846e17ff1",
    "ClientSecret": "------------------------",
    "CallbackPath": "/signin-oidc",
    "Domain": "myCompanyPassport.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_myCompanySignUpSignIn",
    "ResetPasswordPolicyId": "B2C_1_myCompanyPasswordReset",
    "EditProfilePolicyId": "B2C_1_myCompanyProfile",
    "TaskServiceUrl": "https://localhost:44337/",
    "ApiIdentifier": "https://myCompanyPassport.onmicrosoft.com/taskapi",
    "ReadScope": "read",
    "WriteScope": "write"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

这是我的 API Startup.cs：

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
        .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {
        app.UseHsts();
    }

    app.UseHttpsRedirection();
    app.UseAuthentication();
    app.UseMvc();
}

我的 API appsettings.json：

{
  "AzureAdB2C": {
    "Instance": "https://myCompanyPassport.b2clogin.com/tfp/",
    "ClientId": "213764b3-8c2a-4bf6-9e69-355495a8f14e",
    "ClientSecret": "------------------------",
    "Domain": "myCompanyPassport.onmicrosoft.com",
    "SignUpSignInPolicyId": "B2C_1_myCompanySignUpSignIn",
    "ReadScope": "read",
    "WriteScope": "write"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Answer 1

你试过了吗（addazureadbearer api）

   services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddAzureAdBearer(options => Configuration.Bind("AzureAd", options));