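What is the simplest way to integrate Azure AD B2C with Azure App Service?

Time: 2018-12-02 00:23:55

Tags: azure-web-sites azure-ad-b2c

Previously, I have been using MobileServiceClient.LoginAsync(..) to start the authentication flow with social identity providers.

Recently, I set up Azure B2C - I have used Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(..) to launch authentication in the browser and obtain a JSON Web Token:

Can I use the JSON Web Token from B2C to authenticate to Azure App Service?

Can I authenticate to Azure App Service with something like the following?

MobileServiceClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, [JWT HERE])

Is there an easier way to authenticate with Azure App Service + Azure B2C?

Thanks, Tom.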

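1 answer:

Answer 0: (score: 0)

The code you provided is for Integrating Azure Active Directory B2C with Azure Mobile Apps.

The method CreateOptionsFromPolicy takes a policy name as its input parameter and returns an object of type OpenIdConnectAuthenticationOptions, which is responsible for controlling the OpenID Connect middleware.

TokenValidationParameters is used to store the information needed to validate tokens; we only need to change 2 settings here, NameClaimType and SaveSigninToken.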

private OpenIdConnectAuthenticationOptions CreateOptionsFromPolicy(string policy)
{
    return new OpenIdConnectAuthenticationOptions
    {
        // For each policy, give OWIN the policy-specific metadata address, and
        // set the authentication type to the id of the policy
        MetadataAddress = String.Format(aadInstance, tenant, policy),
        AuthenticationType = policy,
        // These are standard OpenID Connect parameters, with values pulled from web.config
        ClientId = clientId,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = redirectUri,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = AuthenticationFailed
        },
        Scope = "openid",
        ResponseType = "id_token",
        // This piece is optional - it is used for displaying the user's name in the navigation bar.
        TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            SaveSigninToken = true // important to save the token in BootstrapContext
        }
    };
}

If you want to integrate Azure AD B2C with a Web App, you can refer to this article and this one.
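
The method in the answer references several fields and an AuthenticationFailed handler that the post does not show. The following is an added example, not the answerer's code, of how they could be defined and how the options could be registered in an OWIN Startup class; it compiles together with the answer's CreateOptionsFromPolicy method placed in the same class. The appSettings key names, the policy id and the /Home/Error route are assumptions, and the namespaces assume the Katana 3.x packages.

```csharp
using System.Configuration;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;          // OpenIdConnectMessage (Katana 3.x)
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Notifications;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

// Added example. The answer's CreateOptionsFromPolicy method goes in this same class.
public partial class Startup
{
    // Values pulled from web.config; the key names are assumptions, not from the post.
    private static readonly string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    private static readonly string redirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    // Format string with {0} = tenant and {1} = policy, as used by
    // String.Format(aadInstance, tenant, policy) in the answer.
    private static readonly string aadInstance = ConfigurationManager.AppSettings["ida:AadInstance"];

    // Hypothetical policy id; use the name of the policy defined in the B2C tenant.
    private const string SignInPolicyId = "B2C_1_signin";

    public void ConfigureAuth(IAppBuilder app)
    {
        // The OpenID Connect middleware validates the id_token, then the cookie
        // middleware keeps the local session.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // One middleware registration per B2C policy; AuthenticationType is the policy id.
        app.UseOpenIdConnectAuthentication(CreateOptionsFromPolicy(SignInPolicyId));
    }

    // Invoked when token validation or the protocol exchange fails.
    private Task AuthenticationFailed(
        AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
    {
        // Stop further processing of the failed response.
        notification.HandleResponse();
        // Keep the exception detail in the server-side log instead of echoing it in the URL.
        Trace.TraceError("B2C sign-in failed: {0}", notification.Exception);
        notification.Response.Redirect("/Home/Error");
        return Task.FromResult(0);
    }
}
```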