c# - ASP.NET Core 3.1 如何使用 Azure AD B2C 返回 401 Unauthorized 而不是 Challenge
问题描述
在我的 API 控制器中,我希望[Authorize]
属性返回 401 Unauthorized 而不是强制 Azure AD B2C 登录质询并将该响应返回到我的前端(对 API 进行 ajax 调用)。
由于 Azure CORS 策略,质询重定向不起作用。我找到了多个答案,但似乎都不起作用(没有返回 401,它仍然尝试重定向到 Azure B2C 挑战)。
API 控制器:
[Route("api/[controller]")]
[ApiController]
[Authorize]
public class HierarchyController : ControllerBase
// ...
这是我当前的Startup.ConfigureServices
代码:
// ...
services.Configure<AzureADB2COptions>(opt =>
Configuration.GetSection("AzureAdB2C").Bind(opt));
services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
.AddAzureADB2C(opt => Configuration.Bind("AzureAdB2C", opt))
.AddCookie(opt =>
{
opt.Events = new CookieAuthenticationEvents
{
OnRedirectToLogin = ctx =>
{
ctx.Response.StatusCode = 401;
return Task.CompletedTask;
}
};
});
我也尝试过使用:
services.ConfigureApplicationCookie(options =>
{
options.Events.OnRedirectToLogin = context =>
{
context.Response.Headers["Location"] = context.RedirectUri;
context.Response.StatusCode = 401;
return Task.CompletedTask;
};
});
并且在这两种情况下OnRedirectToLogin
都使用OnRedirectToAccessDenied
. 这些都不起作用。这些事件中的断点永远不会被命中,并且在执行未经授权的 API 调用后,我收到此错误:
Access to XMLHttpRequest at <MY_B2C_ADDR> (redirected from 'https://localhost:44394/api/Hierarchy') from origin 'https://localhost:44394' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
编辑: ConfigureServices
// ...
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller}/{action=Index}/{id?}");
});
解决方案
对于将来阅读的任何人(或我) - 我已经解决了这个问题。在ConfigureServices
做:
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = AzureADB2CDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignOutScheme = AzureADB2CDefaults.AuthenticationScheme;
})
.AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options))
.AddCookie(options =>
{
options.Events = new CookieAuthenticationEvents
{
OnRedirectToLogin = context =>
{
if (context.Request.Path.StartsWithSegments("/api"))
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
}
else
{
context.Response.Redirect(context.RedirectUri);
}
return Task.FromResult(0);
}
};
});