ASP.NET Core AzureAD JwtBearer issuer validation failed

Time: 2018-12-29 05:29:03

Tags: c# azure-active-directory asp.net-core-webapi

I have the stock File | New | Web | asp.net core web api project template with AzureAD authentication selected, which generated the following Startup.cs


and the following appsettings.json


I am using Postman to get a token with the public client profile app settings, the same way I do for another web api setup that uses the same azureAd bearer token authentication code and settings coordinates and works as expected.

For some reason the app is trying to validate the wrong token issuer format, and I have no clue how to correct it.

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
        .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

2 answers:

Answer 0 (score: 0)

You can run into this issue if the azuread app registrations entry for your ClientId is configured to support any organization or consumers (aka microsoft accounts) rather than only your organization or any organization. The workaround is to use the AddJwtBearer() block in Startup.ConfigureServices() shown below instead of the AddAzureADBearer() block the project template provides.

// Namespaces assumed by this snippet (not shown in the answer): Microsoft.AspNetCore.Authentication.AzureAD.UI,
// Microsoft.AspNetCore.Authentication.JwtBearer and Microsoft.IdentityModel.Tokens.
// "Log" is assumed to be an ILogger field on the Startup class.
public void ConfigureServices(IServiceCollection services)
{
    // if azuread app registrations entry for ClientId has "signInAudience": "AzureADMyOrg" or "AzureADMultipleOrgs" where "iss": "https://sts.windows.net/{TenantId}/"
    services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
        .AddAzureADBearer(options => //Configuration.Bind("AzureAd", options));
        {
            Configuration.Bind("AzureAd", options);
            Log.LogInformation($"the AddAzureADBearer options have been configured for ClientId = {options.ClientId}");
        });

    // if azuread app registrations entry for ClientId has "signInAudience": "AzureADandPersonalMicrosoftAccount" where "iss": "https://login.microsoftonline.com/{TenantId}/v2.0"
    services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
        .AddJwtBearer(options =>
        {
            // reuse the same "AzureAd" section (Instance, TenantId, ClientId) that AddAzureADBearer binds
            var azureadoptions = new AzureADOptions();
            Configuration.Bind("AzureAd", azureadoptions);
            options.Authority = $"{azureadoptions.Instance}{azureadoptions.TenantId}/v2";
            options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                ValidAudience = $"{azureadoptions.ClientId}",
                //ValidAudiences = new List<string> { $"{azureadoptions.ClientId}", $"api://{azureadoptions.ClientId}", $"https://myapp.azurewebsites.net/" },
                //ValidIssuer = $"https://sts.windows.net/{azureadoptions.TenantId}/" // for "signInAudience": "AzureADMyOrg" or "AzureADMultipleOrgs"
                ValidIssuer = $"{azureadoptions.Instance}{azureadoptions.TenantId}/v2.0" // for "signInAudience": "AzureADandPersonalMicrosoftAccount"
                //ValidIssuers = new List<string> { $"https://sts.windows.net/{azureadoptions.TenantId}/", $"{azureadoptions.Instance}{azureadoptions.TenantId}/v2.0" } // accept both issuer formats
            };

            Log.LogInformation($"the AddJwtBearer options have been configured for ClientId = {azureadoptions.ClientId}");
        });
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}

Answer 1 (score: 0)

I tried to validate an existing token from a uwp-app in a web-api and ran into a similar problem:

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: Failed to validate the token.

Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10205: Issuer validation failed. Issuer: 'https://spolujizda.b2clogin.com/4e8094c9-5058-454c-b201-ef61d7ae6619/v2.0/'. Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: 'https://login.microsoftonline.com/4e8094c9-5058-454c-b201-ef61d7ae6619/v2.0/'.
   at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateIssuer(String issuer, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AzureADB2CJwtBearer was not authenticated. Failure message: IDX10205: Issuer validation failed. Issuer: 'https://spolujizda.b2clogin.com/4e8094c9-5058-454c-b201-ef61d7ae6619/v2.0/'. Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: 'https://login.microsoftonline.com/4e8094c9-5058-454c-b201-ef61d7ae6619/v2.0/'.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "Get", controller = "Values"}. Executing action Spolujizda.ApiServer.Controllers.ValuesController.Get (Spolujizda.ApiServer)
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler:Information: AuthenticationScheme: AzureADB2CJwtBearer was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action Spolujizda.ApiServer.Controllers.ValuesController.Get (Spolujizda.ApiServer) in 8.105ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 8950.4739ms 401 text/plain

But for me the solution was much simpler. For the web-api I had AzureAdB2C.Instance set to https://spolujizda.b2clogin.com/tfp/ while for the uwp-app I had been issuing tokens via https://login.microsoftonline.com/tfp/, which is what caused this error: in the uwp-app the token was issued for login.microsoft... while the web-api was trying to validate the issuer as spolujizda.b2clogin...

First I tried changing the address used to issue tokens for the uwp-app, but that did not work. So next I just changed the web-api's AzureAdB2C.Instance configuration to login.microsoft.... and it works now.
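As an added example (not code from the question or either answer), the following Python script reproduces the exact-string issuer check behind the IDX10205 error quoted in answer 1: it builds the v1 (sts.windows.net) and v2.0 (Instance + TenantId) issuer strings from an AzureAd section the way answer 0 does, reads the iss claim out of a token as you would from one obtained in Postman, and shows why a token whose issuer host, version segment or trailing slash differs fails unless that issuer is listed in ValidIssuers. The AZURE_AD values and the unsigned token are constructed for the demonstration.

```python
import base64
import json

# Constructed "AzureAd" config, shaped like the section answer 0 binds into AzureADOptions.
AZURE_AD = {"Instance": "https://login.microsoftonline.com/",
            "TenantId": "00000000-0000-0000-0000-000000000000"}

def expected_issuers(cfg):
    """The two issuer formats answer 0 distinguishes: v1 (sts.windows.net) and v2.0 (Instance + TenantId)."""
    return {"v1": f"https://sts.windows.net/{cfg['TenantId']}/",
            "v2.0": f"{cfg['Instance']}{cfg['TenantId']}/v2.0"}

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))  # restore stripped padding

def b64url_encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_payload(token):
    """Read the JWT payload only; the signature is NOT checked, so this is for diagnostics, never for trust."""
    return json.loads(b64url_decode(token.split(".")[1]))

def make_unsigned_token(claims):
    """Constructed alg=none token with an empty signature, enough to exercise the issuer check offline."""
    header = b64url_encode({"alg": "none", "typ": "JWT"})
    return f"{header}.{b64url_encode(claims)}."

def validate_issuer(issuer, valid_issuer=None, valid_issuers=()):
    """Mirror the ordinal string match Microsoft.IdentityModel's Validators.ValidateIssuer performs:
    return the matched issuer, or raise with the IDX10205 wording seen in answer 1's log."""
    if not issuer:
        raise ValueError("IDX10211: issuer is null or empty")
    # exact comparison: host, tenant, version segment and trailing slash must all agree
    if issuer == valid_issuer or issuer in valid_issuers:
        return issuer
    raise ValueError(
        f"IDX10205: Issuer validation failed. Issuer: '{issuer}'. Did not match: "
        f"validationParameters.ValidIssuer: '{valid_issuer or 'null'}' or "
        f"validationParameters.ValidIssuers: '{', '.join(valid_issuers) or 'null'}'.")

def check_token(token, cfg, accept_v2=False):
    """Return (ok, detail) for the token's iss claim: v1 only (the AddAzureADBearer case in answer 0)
    or v1 plus v2.0 (answer 0's commented ValidIssuers line)."""
    exp = expected_issuers(cfg)
    valid = [exp["v1"], exp["v2.0"]] if accept_v2 else [exp["v1"]]
    try:
        return True, validate_issuer(decode_payload(token).get("iss"), valid_issuers=valid)
    except ValueError as err:
        return False, str(err)
```

Paste a real bearer token into decode_payload() to see which issuer format your tenant is actually emitting before deciding between the ValidIssuer and ValidIssuers settings.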