我不确定我是否完全理解 Microsoft.Identity.Web 的更改,但我正在关注一篇文章(由 Microsoft 提供),其中描述了如何在启动时进行更改
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => Configuration.Bind("AzureAd", options));
到
services.AddMicrosoftIdentityWebAppAuthentication(Configuration);
虽然这看起来很好很简单,但我还有更多工作要做,因为我现有的代码中有以下代码片段
services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
.AddAzureAD(options => this.configuration.Bind("AzureAd", options))
.AddJwtBearer(options =>
{
//this code used to validate signing keys
string stsDiscoveryEndpoint = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration";
IConfigurationManager<OpenIdConnectConfiguration> configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint, new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration openIdConfig = configurationManager.GetConfigurationAsync(CancellationToken.None).GetAwaiter().GetResult();
var tenantId = this.configuration["TenantId"];
var validIssuer = $"https://sts.windows.net/{tenantId}/";
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidIssuer = validIssuer,
ValidAudience = this.configuration["ClientId"],
IssuerSigningKeys = openIdConfig.SigningKeys,
};
});
为了给您提供一些背景信息,我们对该应用程序有两种变体
您在上面看到的 JWTvaliation 部分适用于第二项,一旦我们收到令牌,我们就会在无需登录和 UI …
c# asp.net-core microsoft-identity-platform asp.net-core-3.1