自定义授权策略导致 B2C 身份验证方案被忽略

时间:2019-12-02 15:14:27

标签: azure-ad-b2c asp.net-core-3.0

我在 .NET Core 3.0 API 中添加了一个自定义 (Custom) 授权策略，之后默认的 B2C 身份验证方案就不再生效了，我不知道为什么。

我使用了Microsoft本身提供的文档-> https://docs.microsoft.com/en-us/aspnet/core/security/authorization/limitingidentitybyscheme?view=aspnetcore-3.0

AuthenticationScheme如下所示:

           // B2C bearer is registered as the default scheme, so [Authorize] without an explicit
           // scheme falls back to it; its options are bound from the "AzureAdB2C" config section.
           services
                .AddAuthentication(AzureADB2CDefaults.BearerAuthenticationScheme)
                .AddAzureADB2CBearer(options => Configuration.Bind("AzureAdB2C", options));

以下是创建策略的代码：

         var groupOptions = new List<GroupOptions>();
         configuration.Bind("Groups", groupOptions);

         // One named policy per configured group. Each policy pins the B2C bearer scheme,
         // requires an authenticated caller, and adds a group-membership requirement that
         // IsMemberOfGroupHandler evaluates.
         // NOTE(review): duplicate GroupName entries in config would overwrite each other — confirm uniqueness.
         services.AddAuthorization(options =>
         {
             foreach (var groupOption in groupOptions)
             {
                 options.AddPolicy(groupOption.GroupName, policy => policy
                     .AddAuthenticationSchemes(AzureADB2CDefaults.BearerAuthenticationScheme)
                     .RequireAuthenticatedUser()
                     .AddRequirements(new IsMemberOfGroupRequirement(groupOption.GroupName, groupOption.GroupId)));
             }
         })
         // NOTE(review): the handler is a singleton, so whatever IMicrosoftGraphConnector / IMapper it
         // receives is captured for the app lifetime — confirm those registrations are not scoped.
         .AddSingleton<IAuthorizationHandler, IsMemberOfGroupHandler>();

策略本身（Requirement 与 Handler）：

    /// <summary>
    /// Authorization requirement: the caller must belong to one specific group.
    /// <see cref="GroupName"/> doubles as the policy name; <see cref="GroupId"/> is the
    /// identifier compared against the caller's memberships by <see cref="IsMemberOfGroupHandler"/>.
    /// </summary>
    public class IsMemberOfGroupRequirement : IAuthorizationRequirement
    {
        public readonly string GroupId;
        public readonly string GroupName;

        /// <param name="groupName">Name of the group (also the name the policy is registered under).</param>
        /// <param name="groupId">Identifier of the group as it appears in Graph membership results.</param>
        public IsMemberOfGroupRequirement(string groupName, string groupId)
        {
            this.GroupId = groupId;
            this.GroupName = groupName;
        }
    }

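    /// <summary>
    /// Handler for <see cref="IsMemberOfGroupRequirement"/>: marks the requirement satisfied when
    /// the calling user's memberships (as returned by Microsoft Graph) include the required group id.
    /// The requirement is otherwise left unmet; this handler never calls Fail and never throws.
    /// </summary>
    public class IsMemberOfGroupHandler : AuthorizationHandler<IsMemberOfGroupRequirement>
    {
        private readonly IMicrosoftGraphConnector _microsoftGraphConnector;
        private readonly IMapper _mapper;

        public IsMemberOfGroupHandler(IMicrosoftGraphConnector microsoftGraphConnector, IMapper mapper)
        {
            _microsoftGraphConnector = microsoftGraphConnector;
            _mapper = mapper;
        }

        /// <summary>
        /// Evaluates the group requirement for the current principal.
        /// </summary>
        /// <remarks>
        /// By default authorization handlers still run after another requirement in the policy
        /// (here RequireAuthenticatedUser) has already failed, so this can be invoked for an anonymous
        /// principal or for a token without the id claim. In that case the claim lookup yields null;
        /// dereferencing it (the original <c>id.Value</c>) threw and turned a 401/403 into a 500.
        /// We fail closed instead: no id claim means the requirement is simply not met.
        /// </remarks>
        protected override async Task HandleRequirementAsync(
            AuthorizationHandlerContext context, IsMemberOfGroupRequirement requirement)
        {
            // Constants.Claims.Id is presumably the user's directory object id — confirm against the token.
            var id = context.User?.Claims.FirstOrDefault(claim => claim.Type == Constants.Claims.Id);

            if (string.IsNullOrEmpty(id?.Value))
            {
                return;
            }

            if (await CheckGroup(id, requirement))
            {
                context.Succeed(requirement);
            }
        }

        /// <summary>
        /// Queries Microsoft Graph for the user's memberships and reports whether any of them
        /// has the requirement's group id.
        /// </summary>
        /// <param name="id">Claim carrying the Graph user id; a null or empty claim yields false.</param>
        /// <param name="requirement">Requirement whose <see cref="IsMemberOfGroupRequirement.GroupId"/> is sought.</param>
        /// <returns>True when a returned membership id equals the required group id (ordinal comparison).</returns>
        protected async Task<bool> CheckGroup(System.Security.Claims.Claim id, IsMemberOfGroupRequirement requirement)
        {
            if (id is null || string.IsNullOrEmpty(id.Value))
            {
                return false;
            }

            // NOTE(review): memberOf reports direct memberships and Graph pages large results; only
            // the page returned here is inspected, and nested (transitive) membership is not considered.
            var microsoftGraphGroup = await _microsoftGraphConnector.GetMicrosoftGraphServiceClient()
                .Users[id.Value].MemberOf
                .Request()
                .GetAsync();

            var groupDTO = _mapper.Map<ICollection<GroupDTO>>(microsoftGraphGroup);
            if (groupDTO is null)
            {
                return false;
            }

            // Group ids are opaque identifiers: compare ordinally, and null-safely
            // (group.Id.Equals(...) would throw on a mapped entry with no Id).
            return groupDTO.Any(group =>
                string.Equals(group.Id, requirement.GroupId, System.StringComparison.Ordinal));
        }
    }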
