B2C令牌无法授予对受AAD保护的API的访问权限

时间:2019-04-30 20:23:16

标签: azure azure-active-directory azure-ad-b2c adal msal

我有一个通过Active Directory身份验证保护的Azure应用服务

我可以为Active Directory用户成功获得令牌,该令牌将授权对“ azurewebsites.net”域上受保护的API的访问请求

我希望使用B2C,以便人们可以注册

我已经创建了一个B2C租户,添加了API'user_impersonation'范围并授予访问权限

我在本机应用程序上登录到B2C租户并收到令牌

与AAD令牌不同,该令牌不会授予对上述安全API的访问权限

这是登录到B2C帐户时在Visual Studio实例中返回的调试输出,确认已返回令牌

Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Checking client info returned from the server..
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Saving Token Response to cache..
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Looking for scopes for the authority in the cache which intersect with https://alfretonb2c.onmicrosoft.com/backends/user_impersonation
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Intersecting scope entries count - 0
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Matching entries after filtering by user - 0
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] Saving RT in cache...
Info (False) MSAL 2.7.1.0 MSAL.Xamarin.iOS 12.2 [04/30/2019 20:15:01 - bbc5a55f-7c7a-4cf0-ac5a-ed39a614f17f] === Token Acquisition finished successfully. An access token was returned with Expiration Time: 04/30/2019 21:15:01 +00:00 ===

预期结果是B2C目录中的令牌,然后我可以使用该令牌将安全请求发送到由应用程序服务级别的Active Directory身份验证保护的API

相反,我只是收到

You do not have permission to view this directory or page.

0 个答案:

没有答案