Calling Azure B2C policies from ASP.NET Core

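Problem description

I have spent a few days figuring out how to properly call Azure B2C policies/user flows from ASP.NET Core. We can call the B2C sign-in and sign-up custom policies.

We implemented the same approach for change password and the other custom policies we created. However, when we call the other custom policies (not included in the code below, but the same implementation), we get different errors. Every time we fix an error, a new one appears.

This makes me think we are not calling the B2C custom policies/user flows the right way. May I know whether the code below is correct, or can you suggest a better approach?

Thank you.

Startup.cs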

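    // Namespaces required at the top of Startup.cs
    using Microsoft.AspNetCore.Authentication.Cookies;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Http;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.IdentityModel.Protocols.OpenIdConnect;

    public void ConfigureServices(IServiceCollection services)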
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => HostingEnvironment.IsProduction();
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect("B2C_1A_SignIn", options =>
        {
            options.Authority = $"https://{Configuration["B2C_1A_SignIn:Domain"]}";
            options.MetadataAddress = $"https://{Configuration["B2C_1A_SignIn:MetadataAddress"]}";

            // Configure the client ID and client secret of the B2C application
            options.ClientId = Configuration["B2C_1A_SignIn:ClientId"];
            options.ClientSecret = Configuration["B2C_1A_SignIn:ClientSecret"];

            // Set response type to id_token
            options.ResponseType = OpenIdConnectResponseType.IdToken;

            // Configure the scope
            options.Scope.Clear();
            options.Scope.Add("openid");

            // Set the callback path that the identity provider redirects back to after authentication
            // Also ensure the URL is registered as an allowed redirect URL for the application
            options.CallbackPath = new PathString("/Home");

            // Configure the claims issuer name for this scheme
            options.ClaimsIssuer = "B2C_1A_SignIn";

            // Saves tokens to the AuthenticationProperties
            options.SaveTokens = true;
        })
        .AddOpenIdConnect("B2C_1A_ChangePassword", options =>
        {
            options.Authority = $"https://{Configuration["B2C_1A_ChangePassword:Domain"]}";
            options.MetadataAddress = $"https://{Configuration["B2C_1A_ChangePassword:MetadataAddress"]}";
            options.ClientId = Configuration["B2C_1A_ChangePassword:ClientId"];
            options.ClientSecret = Configuration["B2C_1A_ChangePassword:ClientSecret"];
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.CallbackPath = new PathString("/Home");
            options.ClaimsIssuer = "B2C_1A_ChangePassword";
            options.SaveTokens = true;
        });
    }

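HomeController.cs

    // Namespaces required at the top of HomeController.cs
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authorization;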

    public async Task SignIn()
    {
        await HttpContext.ChallengeAsync("B2C_1A_SignIn", new AuthenticationProperties() { RedirectUri = "/home" });
    }

    [Authorize]
    public async Task ChangePassword()
    {
        await HttpContext.ChallengeAsync("B2C_1A_ChangePassword", new AuthenticationProperties() { RedirectUri = "/home" });
    }

Tags: c#, asp.net-core, asp.net-identity, openid-connect, azure-ad-b2c

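Solution

Your callback paths probably need to change at the very least. Specify callback paths such as /signin-callback and /change-pw-callback.

They don't need to match an action in your app. After you have been redirected back to your app, the authentication scheme will usually issue a "local redirect" to the URL you specified (or the current URL).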
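
The per-policy callback paths suggested in the answer, as an added example (not the poster's or the answerer's code): each B2C policy is registered as its own OpenID Connect scheme with a distinct CallbackPath, and startup fails if two schemes share one. The class name B2CPolicyRegistration, the method AddB2CPolicies and the duplicate check are assumptions for illustration; the configuration keys follow the question.

```csharp
// Added example, not the poster's code. Config keys follow the question;
// the callback paths are the ones suggested in the answer.
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class B2CPolicyRegistration   // hypothetical helper class
{
    // Policy (scheme) name -> callback path; every path must be unique.
    private static readonly Dictionary<string, string> Policies = new Dictionary<string, string>
    {
        ["B2C_1A_SignIn"] = "/signin-callback",
        ["B2C_1A_ChangePassword"] = "/change-pw-callback",
    };

    public static IServiceCollection AddB2CPolicies(this IServiceCollection services, IConfiguration config)
    {
        // Fail at startup if two policies would share a callback path.
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (var path in Policies.Values)
            if (!seen.Add(path))
                throw new InvalidOperationException($"Duplicate CallbackPath: {path}");

        var auth = services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie();

        foreach (var policy in Policies)
        {
            var section = config.GetSection(policy.Key);
            auth.AddOpenIdConnect(policy.Key, options =>
            {
                options.Authority = $"https://{section["Domain"]}";
                options.MetadataAddress = $"https://{section["MetadataAddress"]}";
                options.ClientId = section["ClientId"];
                options.ClientSecret = section["ClientSecret"];
                options.ResponseType = OpenIdConnectResponseType.IdToken;
                options.Scope.Clear();
                options.Scope.Add("openid");
                // Handled by the authentication handler itself; no controller action is needed.
                options.CallbackPath = new PathString(policy.Value);
                options.SaveTokens = true;
            });
        }
        return services;
    }
}
```

Each callback path also has to be registered as a redirect URI on the B2C application, otherwise the authorization request is rejected.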
