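I am developing a Blazor server-side .NET 5.0 application that allows a user, after signing in, to delete a user from Azure AD B2C. I am using the information contained in this article. I am getting a Message: Authentication challenge is required. error.
What could I be missing?
Code for deleting a user with Azure AD B2C: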
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

public async Task DeleteUser(string id)
{
    var confidentialClientApplication = ConfidentialClientApplicationBuilder
        .Create(this.azureADB2C.ClientId)
        .WithRedirectUri(this.azureADB2C.RedirectUri)
        .WithClientSecret(this.azureADB2C.ClientSecret)
        .Build();
    var authorizationCodeProvider = new AuthorizationCodeProvider(confidentialClientApplication);
    var graphClient = new GraphServiceClient(authorizationCodeProvider);
    await graphClient.Users[id].Request().DeleteAsync();
}
AppSettings.json:
"AzureADB2C": {
    "Instance": "https://InstaTranscribe.b2clogin.com/",
    "Domain": "InstaTranscribe.onmicrosoft.com",
    "ClientId": "<ClientId>",
    "SignUpSignInPolicyId": "B2C_1_SignUpSignInUserFlow",
    "ResetPasswordPolicyId": "B2C_1_PasswordResetUserFlow",
    "EditProfilePolicyId": "B2C_1_ProfileEditingUserFlow",
    "CallbackPath": "/signin-oidc",
    "RedirectUri": "http://localhost:20000/signin-oidc",
    "ClientSecret": "<ClientSecret>"
},
Exception stack:
Status Code: 0
Microsoft.Graph.ServiceException: Code: generalException
Message: An error occurred sending the request.
---> Microsoft.Graph.Auth.AuthenticationException: Code: authenticationChallengeRequired
Message: Authentication challenge is required.
at Microsoft.Graph.Auth.AuthorizationCodeProvider.AuthenticateRequestAsync(HttpRequestMessage httpRequestMessage)
at Microsoft.Graph.AuthenticationHandler.SendAsync(HttpRequestMessage httpRequestMessage, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at Microsoft.Graph.HttpProvider.SendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at Microsoft.Graph.HttpProvider.SendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Microsoft.Graph.UserRequest.DeleteAsync(CancellationToken cancellationToken)
at Services.SecurityService.DeleteUser(String id) in C:\temp\InstaTranscribeServerSide\Services\SecurityService.cs:line 109
at InstaTranscribeServerSide.Pages.DeleteAccountComponent.EditForm_OnValidSubmit() in C:\temp\InstaTranscribeServerSide\server\Pages\DeleteAccount.razor.designer.cs:line 62
Update 1:
Stack trace:
Status Code: Unauthorized
Microsoft.Graph.ServiceException: Code: Authorization_IdentityNotFound
Message: The identity of the calling application could not be established.
Inner error:
AdditionalData:
date: 2021-04-12T04:15:43
request-id: 758804d0-075b-4946-94cb-af7241feedd1
client-request-id: 758804d0-075b-4946-94cb-af7241feedd1
ClientRequestId: 758804d0-075b-4946-94cb-af7241feedd1
at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Microsoft.Graph.UserRequest.DeleteAsync(CancellationToken cancellationToken)
at Services.SecurityService.DeleteUser(String id) in C:\temp\InstaTranscribeServerSide\Services\SecurityService.cs:line 109
at InstaTranscribeServerSide.Pages.DeleteAccountComponent.EditForm_OnValidSubmit() in C:\temp\InstaTranscribeServerSide\server\Pages\DeleteAccount.razor.designer.cs:line 62
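Answer 0 (score: 1)
It looks like you want to delete the user with an application token (you assigned application permissions in the app registration).
In that case, you should use ClientCredentialProvider instead of AuthorizationCodeProvider.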
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithTenantId(tenantID)
    .WithClientSecret(clientSecret)
    .Build();
ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authenticationProvider);
Don't forget to click "Grant admin consent for {your tenant}" in the Azure portal.
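
The provider switch from the answer applied to the self-service deletion scenario in the question, as an added example (not the asker's or the answerer's code). Because an app-only token is not scoped to the signed-in user, the sketch deletes only the caller's own object id taken from their claims. The class and method names are hypothetical, and it assumes the B2C user flow emits the object id claim and that the app registration holds an application permission allowing user deletion (for example User.ReadWrite.All) with admin consent granted.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

// Hypothetical service; values come from the "AzureADB2C" section shown in the question.
public class AccountDeletionService
{
    private const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private readonly GraphServiceClient graphClient;

    // domain is the tenant name from configuration, e.g. the "Domain" setting.
    public AccountDeletionService(string domain, string clientId, string clientSecret)
    {
        // Client-credentials flow: no redirect URI is involved, and the tenant
        // is named explicitly, as in the answer's snippet.
        var app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(domain)
            .WithClientSecret(clientSecret)
            .Build();
        graphClient = new GraphServiceClient(new ClientCredentialProvider(app));
    }

    // The app-only token can delete any user in the directory, so the target id
    // is read from the authenticated principal instead of being supplied by the UI.
    public async Task DeleteOwnAccountAsync(ClaimsPrincipal signedInUser)
    {
        if (signedInUser?.Identity?.IsAuthenticated != true)
            throw new UnauthorizedAccessException("User is not signed in.");

        // Assumption: the object id arrives under the mapped claim type or as "oid".
        var objectId = signedInUser.FindFirst(ObjectIdClaim)?.Value
                       ?? signedInUser.FindFirst("oid")?.Value;
        if (!Guid.TryParse(objectId, out _))
            throw new UnauthorizedAccessException("No object id claim on the user.");

        await graphClient.Users[objectId].Request().DeleteAsync();
    }
}
```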