我在Angular中有一个SPA客户端,该客户端成功登录到Azure AD,并生成令牌,然后将其通过Authorization: Bearer ${token}传递给.Net Core(3.0)API,然后尝试使用{{ 1}}检查并允许访问REST Api调用,我们仍在使用[Authorize],并且JWT标头中没有随机数。我在ConfigureServices方法中有以下代码:
"ver": "1.0"当我使用locahost运行项目时,它可以正常工作,但是我将代码部署到服务器上,却收到以下错误消息:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://login.microsoftonline.com/common";
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidIssuer = options.Authority,
ValidateLifetime = true,
ValidateAudience = true,
ValidAudience = "{myClientID}",
IssuerValidator = (issuer, token, parameter) => "https://sts.windows.net/{MyIssuer}/"
};
});
services.AddAuthorization(options =>
{
options.DefaultPolicy =
new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser()
.Build();
});
以上消息表明我不允许某些人连接到该站点进行验证,我的参数正确吗?我使用jwt.io来检查令牌,它说签名有效,并且在正文上可以看到期望的Exception occurred while processing message.
Exception:
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://login.microsoftonline.com/common/.well-known/openid-configuration'.
---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://login.microsoftonline.com/common/.well-known/openid-configuration'.
---> System.Net.Http.HttpRequestException: No connection could be made because the target machine actively refused it.
---> System.Net.Sockets.SocketException (10061): No connection could be made because the target machine actively refused it.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
等值。我是Azure AD和令牌验证的新手,请耐心等待我。我有什么想念的吗?谢谢
答案 0 :(得分:0)
该错误是由于应用程序无法连接到Azure AD元数据终结点而引起的。 它需要从一开始就从那里加载配置,包括应用可以用来验证令牌签名的公共密钥。
是某种原因阻止了连接(例如防火墙),或者Azure AD发生了故障(极不可能)。