-1
我已經使用OpenIDConnectAuthentication設置了我的Web應用程序,如下所示。 OnAuthorizationCodeReceived通知使用Microsoft.IdentityModel.Clients.ActiveDirectory 3.13.8。Azure B2C Active Directory OpenIDConnect和授權碼
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
MetadataAddress = Settings.AADB2CAuth.SignInPolicyMetaAddress, // https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration?p={policy} policy = B2C_1_SignIn
AuthenticationType = Settings.AADB2CAuth.SignInPolicyId, // B2C_1_SignIn
ClientId = Settings.AADB2CAuth.ClientId, // {guid}
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed,
AuthorizationCodeReceived = OnAuthorizationCodeReceived
},
RedirectUri = Settings.AADB2CAuth.RedirectUri,
Scope = "openid",
ResponseType = "id_token",
});
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
var code = context.Code;
ClientCredential clientCredential = new ClientCredential(Settings.AADB2CAuth.ClientId, Settings.AADB2CAuth.ClientSecret);
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(Settings.ClaimTypes.ObjectIdentifier).Value;
string authority = Settings.AADB2CAuth.Authority; // https://login.microsoftonline.com/{tenant}
AuthenticationContext authContext = new AuthenticationContext(authority, new ADAL.ADALTokenCache(userObjectID));
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(code, redirectUri, clientCredential, Settings.AADGraphApi.GraphResourceId);
}
這工作正常。但是,id_token不會返回授權碼。如果將其更改爲code id_token或只是code,在AuthorizationCodeReceived通知火災,但後來我遇到了錯誤
AADSTS70000: Authentication failed: Authorization Code is malformed or invalid
基本上我試圖做的是訪問B2C AD在用戶簽訂的電流。這是可能嗎?
我更新了我的身份驗證選項
new OpenIdConnectAuthenticationOptions
{
AuthenticationType = Settings.AADB2CAuth.SignInPolicyId,
Authority = string.Format("https://login.microsoftonline.com/tfp/{0}/{1}", Settings.AADB2CAuth.Tenant, Settings.AADB2CAuth.SignInPolicyId),
ClientId = Settings.AADB2CAuth.ClientId,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = OnAuthenticationFailed,
AuthorizationCodeReceived = OnAuthorizationCodeReceived
},
RedirectUri = Settings.AADB2CAuth.RedirectUri,
Scope = "openid",
ResponseType = "code id_token",
});
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
{
var code = context.Code;
ClientCredential clientCredential = new ClientCredential(Settings.AADB2CAuth.ClientId, Settings.AADB2CAuth.ClientSecret);
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(Settings.ClaimTypes.ObjectIdentifier).Value;
string authority = string.Format("https://login.microsoftonline.com/tfp/{0}/{1}", Settings.AADB2CAuth.Tenant, Settings.AADB2CAuth.SignInPolicyId);
AuthenticationContext authContext = new AuthenticationContext(authority, new ADAL.ADALTokenCache(userObjectID));
Uri redirectUri = new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(code, redirectUri, clientCredential, Settings.AADGraphApi.GraphResourceId);
}
我現在遇到了一個例外,其細節是一個404頁面的HTML內容。查看請求我相信這是因爲AcquireTokenByAuthorizationCodeAsync正在尋找https://login.microsoftonline.com/tfp/oauth2/token發送授權碼,我認爲它不應該?
這可能是值得一提的是,授權碼頭我得到的回覆是以下幾點:
{
"kid": "cpimcore_09252015",
"ver": "1.0"
}
快速谷歌搜索這產生one result和this引用following issue在Android ADAL。但我不確定這是否與我的問題有關。
我正在使用'Microsoft.IdentityModel.Clients.ActiveDirectory'來交換授權碼(請參閱更新後的問題)。我不確定是否可以修改它,以便在請求的主體中發送策略。我嘗試了您提供的替代網址,但這也不起作用。我顯然在做大量錯誤的事情。 – Mardoxx
該庫(ADAL)適用於Azure AD稱爲「v1應用程序」的內容。從技術上講,B2C應用程序被認爲是「V2應用程序」或「融合應用程序」(注意URL內有'/ v2.0')。有一個名爲[MSAL]的v2應用程序的新庫(https://github.com/AzureAD/microsoft-authentication-library-for-dotnet)。這是[使用MSAL的示例](https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect-v2)。 –
@Mardoxx你能證實這是個問題嗎? –