我有一个通过Active Directory身份验证保护的Azure应用服务
我可以为Active Directory用户成功获得令牌,该令牌将授权对“ azurewebsites.net”域上受保护的API的访问请求
我希望使用B2C,以便人们可以注册
我已经创建了一个B2C租户,添加了API'user_impersonation'范围并授予访问权限
我在本机应用程序上登录到B2C租户并收到令牌
与AAD令牌不同,该令牌不会授予对上述安全API的访问权限
这是登录到B2C帐户时在Visual Studio实例中返回的调试输出,确认已返回令牌
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Checking client info returned from the server..
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Saving Token Response to cache..
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Looking for scopes for the authority in the cache which intersect with https://alfretonb2c.onmicrosoft.com/backends/user_impersonation
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Intersecting scope entries count - 0
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Matching entries after filtering by user - 0
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Saving RT in cache...
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 04/30/2019 21:15:01 +00:00 ===
预期结果是B2C目录中的令牌,然后我可以使用该令牌将安全请求发送到由应用程序服务级别的Active Directory身份验证保护的API
相反,我只是收到
You do not have permission to view this directory or page.