Azure AD B2C - IDX20803:无法从以下位置获取配置:'System.String'。 (.Net 5 网络 API + angular)

Azure AD B2C - IDX20803: Unable to obtain configuration from: 'System.String'. (.Net 5 Web API + angular)

我有一个 Angular 应用程序和一个 Web Api 应用程序 (.Net 5.0),我需要使用 Azure AD B2C 对用户进行身份验证。因此,当用户需要到达某个受保护的路由时,他将被重定向到 B2C 登录页面,经过身份验证并重定向回 angular 应用程序。这 Angular 部分有效,这里没问题。

现在,当 Angular 应用程序向受保护的网站 API (.Net 5) 发出请求时,该网站 api 应该授权该请求。我以前在以前的 .Net Core 版本中做过这个。但这是闪亮的新 Microsoft Identity Web。而且它不起作用。

设置

appsettings.json 对于 B2C

  "AzureAdB2C": {
    "TenantId": "[Tenant Guid]",
    "Instance": "https://[tenant name].b2clogin.com/",
    "ClientId": "[web api client Id]",
    "Domain": "[tenant name].onmicrosoft.com",
    "SignInPolicyId": "B2C_1_signin"
  },

startup.cs - ConfigureServices()

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
  .AddMicrosoftIdentityWebApi(options =>
  {
    Configuration.Bind("AzureAdB2C", options);

    options.TokenValidationParameters.NameClaimType = "name";
  },
    options => { Configuration.Bind("AzureAdB2C", options); });

// Creating policies that wraps the authorization requirements
services.AddAuthorization();

services.AddApplication();
services.AddInfrastructure(Configuration);

services.AddRouting(options => options.LowercaseUrls = true);
services.AddMemoryCache();

services.AddControllers().AddNewtonsoftJson();

startup.cs - 配置()

...
app.UseRouting();

app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
  // endpoints.MapRazorPages();
  endpoints.MapControllers();
});

通过这个设置,我得到的只是非常的描述性错误:

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'. ---> System.IO.IOException: IDX20807: Unable to retrieve document from: 'System.String'. HttpResponseMessage: 'System.Net.Http.HttpResponseMessage', HttpResponseMessage.Content: 'System.String'. at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.AuthenticateAsync() at Microsoft.AspNetCore.Authentication.AuthenticationService.AuthenticateAsync(HttpContext context, String scheme) at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

但后来我将这个“助手”糖配置更改为以下内容:

services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
  .AddJwtBearer(jwtOptions =>
  {
    jwtOptions.Authority = $"{Configuration["AzureAdB2C:Instance"]}/{Configuration["AzureAdB2C:TenantId"]}/{Configuration["AzureAdB2C:SignInPolicyId"]}/v2.0/";
    jwtOptions.Audience = Configuration["AzureAdB2C:ClientId"];
    jwtOptions.Events = new JwtBearerEvents
    {
      OnAuthenticationFailed = AuthenticationFailed
    };
});

而且有效!

那么是否有关于如何真正配置 MS Identity Web 的好文档?为什么在异常中没有准确的描述告诉到底缺少什么?

更新

感谢您的回答,但是这个 Identity Web 实现真的很差。

出现此异常的原因是 SignUpSignInPolicyId 未定义或拼写错误!微软团队,你必须把它添加到你的例外中!

  1. 添加有意义的例外情况
  2. 如果我不想使用 SignUpSignIn 政策(我不需要任何陌生人去注册我的应用程序),为什么没有记录和支持它?
  3. 一定要使用可选的日志记录,它会告诉开发人员什么是 wrong/missing!
  4. 使用构建器模式创建配置。那么在特定情况下应该更容易识别配置的哪一部分丢失了。

将应用 settings.json 中的 SignInPolicyId 更改为 SignUpSignInPolicyId

https://docs.microsoft.com/en-us/azure/active-directory-b2c/enable-authentication-web-application?tabs=visual-studio#add-the-app-settings

https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/4-WebApp-your-API/4-2-B2C/TodoListService/appsettings.json

结果

 "AzureAdB2C": {
    "Instance": "",
    "Domain": "",
    "TenantId": "",
    "ClientId": "",
    "Authority": "",
    "CallbackPath": "/signin-oidc"

权限缺失。文档真的很差!