时间戳

首页 > 解决方案 > ASP.NET Core 3.1 如何使用 Azure AD B2C 返回 401 Unauthorized 而不是 Challenge

c# - ASP.NET Core 3.1 如何使用 Azure AD B2C 返回 401 Unauthorized 而不是 Challenge

问题描述

在我的 API 控制器中,我希望[Authorize]属性返回 401 Unauthorized 而不是强制 Azure AD B2C 登录质询并将该响应返回到我的前端(对 API 进行 ajax 调用)。

由于 Azure CORS 策略,质询重定向不起作用。我找到了多个答案,但似乎都不起作用(没有返回 401,它仍然尝试重定向到 Azure B2C 挑战)。

API 控制器:

[Route("api/[controller]")]
[ApiController]
[Authorize]
public class HierarchyController : ControllerBase
// ...

这是我当前的Startup.ConfigureServices代码:

// ...
services.Configure<AzureADB2COptions>(opt => 
            Configuration.GetSection("AzureAdB2C").Bind(opt));

services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
            .AddAzureADB2C(opt => Configuration.Bind("AzureAdB2C", opt))
            .AddCookie(opt =>
            {
                opt.Events = new CookieAuthenticationEvents
                {
                    OnRedirectToLogin = ctx =>
                    {
                        ctx.Response.StatusCode = 401;
                        return Task.CompletedTask;
                    }
                };
            });

我也尝试过使用:

services.ConfigureApplicationCookie(options =>
        {
            options.Events.OnRedirectToLogin = context =>
            {
                context.Response.Headers["Location"] = context.RedirectUri;
                context.Response.StatusCode = 401;
                return Task.CompletedTask;
            };
        });

并且在这两种情况下OnRedirectToLogin都使用OnRedirectToAccessDenied. 这些都不起作用。这些事件中的断点永远不会被命中,并且在执行未经授权的 API 调用后,我收到此错误:

Access to XMLHttpRequest at <MY_B2C_ADDR> (redirected from 'https://localhost:44394/api/Hierarchy') from origin 'https://localhost:44394' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

编辑: ConfigureServices

// ...
app.UseRouting(); 

app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
      endpoints.MapControllerRoute(
           name: "default",
           pattern: "{controller}/{action=Index}/{id?}");
});

标签: c#apiasp.net-coreasp.net-web-apiazure-ad-b2c

解决方案

对于将来阅读的任何人(或我) - 我已经解决了这个问题。在ConfigureServices做:

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = AzureADB2CDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignOutScheme = AzureADB2CDefaults.AuthenticationScheme;
        })
            .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options))
            .AddCookie(options =>
            {
                options.Events = new CookieAuthenticationEvents
                {
                    OnRedirectToLogin = context =>
                    {
                        if (context.Request.Path.StartsWithSegments("/api"))
                        {
                            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                        }
                        else
                        {
                            context.Response.Redirect(context.RedirectUri);
                        }

                        return Task.FromResult(0);
                    }
                };
            });

推荐阅读