Azure AD + ASP.NET Core 2.1: Unauthorized response and "The Audience is invalid" error

Problem description

I developed a UI and a Web API using ASP.NET Core 2.1 with Azure AD authentication. Both are registered as Azure app registrations. I am using the code below in the UI, but I get an Unauthorized error.

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL.NET: AuthenticationContext, ClientCredential

string AZURE_AD_INSTANCE = "https://login.microsoftonline.com/";
string TENANT_ID = "<tenant GUID>";
string CLIENT_ID = "<Client GUID of Web API>";
string SECRET = "<Secret created for Web API under Certificates & secrets>";
string RESOURCE = "https://MyOrg.onmicrosoft.com/TestWebAPI"; // Application ID URI set in Expose an API
ClientCredential clientCredential = new ClientCredential(CLIENT_ID, SECRET);
string authority = String.Format("{0}{1}", AZURE_AD_INSTANCE, TENANT_ID);

// Client-credentials flow against the v1 endpoint: the issued token's aud claim is the RESOURCE value requested here.
AuthenticationContext authContext = new AuthenticationContext(authority);
string accessToken = authContext.AcquireTokenAsync(RESOURCE, clientCredential).Result.AccessToken;

HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "https://localhost:44326/api/values/Get");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); // one Authorization header on the request is enough
HttpResponseMessage response = client.SendAsync(request).GetAwaiter().GetResult();

string status = response.StatusCode.ToString();

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
    // Binds AzureAd:Instance, TenantId and ClientId from configuration;
    // the bearer handler's expected audience defaults to the ClientId GUID.
    services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
            .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}


I am getting the access token. When I check it at jwt.io it shows "Signature Verified". But the API call returns an Unauthorized response status code. When I inspect the response headers, they contain {Bearer error="invalid_token", error_description="The Audience is invalid"}.

How do I fix this?

Tags: azure, asp.net-core, azure-active-directory, asp.net-core-webapi, bearer-token

Solution


Make sure https://MyOrg.onmicrosoft.com/TestWebAPI is registered as a valid audience in your Web API:

.AddJwtBearer(options =>
{
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        ValidateIssuer = true,
        // every value a token may carry in its aud claim for this API
        ValidAudiences = new List<string>
        {
            "https://MyOrg.onmicrosoft.com/TestWebAPI",
            "..."
        }
    };
});
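The question registers the bearer scheme with AddAzureADBearer rather than AddJwtBearer. AddAzureADBearer configures the real JWT handler under AzureADDefaults.JwtBearerAuthenticationScheme and sets its Audience to the AzureAd:ClientId GUID, while a token requested with the resource URI form (as in the question) carries that URI in its aud claim, which is exactly the mismatch the error reports. The following is an added example, not code from the question or the answer, showing how to apply the answer's ValidAudiences fix to that same scheme, and how to read the aud claim out of a token to confirm which value the API must accept. The configuration key AzureAd:AppIdUri and the names ExpectedAudiences, TokenInspector, AudiencesOf and AudienceAccepted are assumptions made for illustration; the URI is the one from the question.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
                .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));

        // AddAzureADBearer registers the JWT handler as a named options instance
        // (AzureADDefaults.JwtBearerAuthenticationScheme) and sets Audience = AzureAd:ClientId.
        // Configuring that same named instance widens the accepted audiences without
        // replacing the authority/issuer validation the handler already set up.
        services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
        {
            options.TokenValidationParameters.ValidateAudience = true;
            options.TokenValidationParameters.ValidAudiences = ExpectedAudiences(Configuration);
        });

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // Assumed keys: AzureAd:ClientId is the API's app registration id,
    // AzureAd:AppIdUri is the Application ID URI from "Expose an API"
    // (https://MyOrg.onmicrosoft.com/TestWebAPI in the question).
    // A token requested with the GUID as resource carries the GUID in aud;
    // one requested with the URI carries the URI. Accept exactly those two values.
    public static IReadOnlyList<string> ExpectedAudiences(IConfiguration configuration)
    {
        var clientId = configuration["AzureAd:ClientId"];
        var appIdUri = configuration["AzureAd:AppIdUri"];
        return new[] { clientId, appIdUri }
            .Where(a => !string.IsNullOrWhiteSpace(a))
            .ToArray();
    }
}

// Assumed diagnostic helper. ReadJwtToken decodes the token without checking the
// signature, so use it only to see what aud the token carries; never base an
// authorization decision on it.
public static class TokenInspector
{
    public static IEnumerable<string> AudiencesOf(string jwt)
        => new JwtSecurityTokenHandler().ReadJwtToken(jwt).Audiences;

    // True when at least one aud value in the token is in the API's accepted list.
    public static bool AudienceAccepted(string jwt, IEnumerable<string> validAudiences)
        => AudiencesOf(jwt).Intersect(validAudiences, StringComparer.Ordinal).Any();
}
```

Run TokenInspector.AudiencesOf on the token the UI obtained: if it prints the App ID URI while appsettings only carries the GUID under AzureAd:ClientId, the handler's default audience check is what produces "The Audience is invalid", and adding the URI to ValidAudiences as above resolves it. Keep the list to values this API actually issues tokens for; a broad or wildcard audience list lets tokens minted for other resources pass.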
