I am having trouble configuring an ASP.NET Core 2.1 website to authenticate with Azure AD B2C. I have this example working, but when I try to adapt it to my own AD B2C tenant I get an invalid operation exception in the following code:
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
    // Build the confidential client from the OpenID Connect options and a per-user token cache.
    var clientCredential = new ClientCredential(context.Options.ClientSecret);
    var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
    var tokenCache = new SessionTokenCache(context.HttpContext, userId);
    var confidentialClientApplication = new ConfidentialClientApplication(
        context.Options.ClientId,
        context.Options.Authority,
        _options.RedirectUri,
        clientCredential,
        tokenCache.GetInstance(),
        null);
    try
    {
        // Redeem the authorization code for tokens; this next line throws the exception
        var authenticationResult = await confidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(
            context.ProtocolMessage.Code,
            _options.ApiScopes.Split(' '));

        // Hand the tokens back to the OIDC middleware so it does not redeem the code itself.
        context.HandleCodeRedemption(authenticationResult.AccessToken, authenticationResult.IdToken);
    }
    catch (Exception)
    {
        // TODO: Handle
        throw;
    }
}
The exception details are:
Microsoft.Identity.Client.MsalServiceException HResult = 0x80131500
Message = AADSTS50049: Unknown or invalid instance. Trace ID: 1391c6be-c8f7-4c05-a575-b4998f79d800 Correlation ID: 8b83a695-000f-44c2-99c1-d779725342da Timestamp: 2018-09-27 02:05:02Z
Source = Microsoft.Identity.Client
StackTrace:
at Microsoft.Identity.Client.Internal.OAuth2.OAuth2Client.CreateErrorResponse(HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.Internal.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext, Boolean addCorrelationId)
at Microsoft.Identity.Client.Internal.OAuth2.OAuth2Client.d__91.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.OAuth2.OAuth2Client.<DiscoverAadInstanceAsync>d__7.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Instance.AadAuthority.<GetOpenIdConfigurationEndpointAsync>d__4.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Instance.Authority.<ResolveEndpointsAsync>d__45.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<ResolveAuthorityEndpointsAsync>d__37.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<PreTokenRequestAsync>d__36.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__33.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ConfidentialClientApplication.<AcquireTokenByAuthorizationCodeCommonAsync>d__17.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ConfidentialClientApplication.<AcquireTokenByAuthorizationCodeAsync>d__4.MoveNext()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at RideMonitorSite.AzureADB2COpenIdConnectOptionsConfigurator.d__5.MoveNext() in C:\Programming\RideMonitorServer\RideMonitorSite\AzureADB2COpenIDConnectOptionsConfigurator.cs:line 58
By inspecting the arguments passed to the function that throws the exception, I noticed that _options.ApiScopes is set to:
This is what I configured in the application. The API URL configured for the tenant application is set to the "folder" of that URL (i.e. everything except user.read)... but I am not sure what other configuration I should be doing in the tenant application. How does it know what user.read means?
If someone could point me to some introductory material on how AD B2C should be set up, I would appreciate it. What I have found so far assumes a level of knowledge I clearly do not have.
Answer 0 (score: 0)
If you are using the your-tenant-name.b2clogin.com domain with MSAL, then (at the time of writing) you must: