Col*_*ond 4 azure azure-active-directory azure-ad-b2c asp.net-core
我们有一个用 ASP.Net Core 2.2 编写的 web api,我们想根据 AAD 或 B2C 对用户进行身份验证。这意味着我们有一些端点只能由 AAD 用户访问,其他端点可由 B2C 用户访问,有些则两者都可以访问。
在 Startup.cs 中,我们有
services.AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
.AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
这些单独工作,但是当我们尝试同时为两者添加配置时,两者都不起作用。
我也试过
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAd", options))
.AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));
但两者似乎都不起作用。我们如何才能做到这一点?
我也面临类似的问题,并通过自定义策略实现。下面是验证码。
public static void AddAuthorization(this IServiceCollection services, IConfigurationRoot configuration)
{
services.AddAuthentication()
.AddJwtBearer("AAD", options =>
{
options.MetadataAddress = configuration["AzureAd:Instance"] + configuration["AzureAd:TenantId"] +
"/v2.0/.well-known/openid-configuration";
options.Authority = configuration["AzureAd:Instance"] + configuration["AzureAd:TenantId"];
options.Audience = configuration["AzureAd:ClientId"];
options.TokenValidationParameters =
new TokenValidationParameters
{
ValidIssuer = $"https://sts.windows.net/{configuration["AzureAd:TenantId"]}/",
};
options.Events = new JwtBearerEvents
{
OnMessageReceived = context => Task.CompletedTask,
OnChallenge = context => Task.CompletedTask,
OnAuthenticationFailed = (context) =>
{
Console.WriteLine("OnAuthenticationFailed: " + context.Exception.Message);
return Task.CompletedTask;
},
OnTokenValidated = context =>
{
Console.WriteLine("Validated: " + context.SecurityToken);
return Task.CompletedTask;
}
};
})
.AddJwtBearer("B2C", options =>
{
options.Authority = configuration["AzureAdB2C:Instance"] + configuration["AzureAdB2C:Domain"] + "/" + configuration["AzureAdB2C:SignUpSignInPolicyId"] + "/v2.0";
options.Audience = configuration["AzureAdB2C:ClientId"];
options.Events = new JwtBearerEvents
{
OnMessageReceived = context => Task.CompletedTask,
OnChallenge = context => Task.CompletedTask,
OnAuthenticationFailed = (context) =>
{
Console.WriteLine("OnAuthenticationFailed: " + context.Exception.Message);
return Task.CompletedTask;
},
OnTokenValidated = context =>
{
Console.WriteLine("Validated: " + context.SecurityToken);
return Task.CompletedTask;
}
};
});
services
.AddAuthorization(options =>
{
options.AddPolicy("AADUsers", new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("AAD")
.Build());
options.AddPolicy("B2CUsers", new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes("B2C")
.Build());
});
}
在 startup.cs 在 ConfigureServices 中添加以下代码
services.AddAuthorization(Configuration);
现在在您的控制器中,您可以根据 AD 或 B2CAD 进行这样的装饰
[Authorize(Policy = "B2CUsers")] // For B2C authentication
[Authorize(Policy = "AADUsers")] // For AAD authentication
| 归档时间: |
|
| 查看次数: |
1795 次 |
| 最近记录: |