如何设置 app.UseOAuthBearerAuthentication 以处理不同的 Azure B2C 自定义策略?
How to setup app.UseOAuthBearerAuthentication for handling different Azure B2C custom policies?
我读了这篇文章:Secure ASP.NET Web API 2 using Azure AD B2C – Part 2
在第 3 步 app.UseOAuthBearerAuthentication 被调用 3 次...每个策略调用一次。
我只使用 2 个策略进行测试:SignInPolicyId 和 SignUpPolicyId。
但是当我这样做时:
app.UseOAuthBearerAuthentication(CreateBearerOptionsForPolicy(SignInPolicyId))
app.UseOAuthBearerAuthentication(CreateBearerOptionsForPolicy(SignUpPolicyId));
并传递 Provider 及其 OnValidateIdentity 来处理验证声明等。然后我尝试按如下策略进行过滤:
private OAuthBearerAuthenticationOptions CreateBearerOptionsForPolicy(string policy)
{
var metadataEndpoint = string.Format(AadInstance, TenantId, policy);
TokenValidationParameters tvps = new TokenValidationParameters
{
// This is where you specify that your API only accepts tokens from its own clients
ValidAudience = ClientId,
AuthenticationType = policy,
NameClaimType = "http://schemas.microsoft.com/identity/claims/objectidentifier",
ValidateIssuer = true
};
return new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider(metadataEndpoint)),
Provider = new OAuthBearerAuthenticationProvider
{
OnValidateIdentity = async context =>
{
try
{
var policyName = identity.FindFirst("http://schemas.microsoft.com/claims/authnclassreference")?.Value;
if (policyName == B2CSignInPolicyId.ToLower()) // Sign In Only policy...
{
// Run specific code here for the policy that just sent a token back to the application...
}
问题:正在执行@Azure B2C的策略,也就是我调用的是Sign In策略,但是provider代码被调用两次。我注册的每项保单一次,包括 Sign Up 一项。
问题:是否有更好的方法来执行此操作,以便我们执行正确的 Provider?如果 Sign In 策略被调用,则只执行 Sign In 提供程序,反之亦然。
编辑:
我遇到了此处描述的相同问题(序列包含多个元素):http://bitoftech.net/2016/08/24/secure-aspnet-web-api-2-azure-ad-b2c/#comment-96913
这是例外情况:
at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable`1
source)\r\n at
Microsoft.Owin.Security.AuthenticationManager.d__20.MoveNext()\r\n---
End of stack trace from previous location where exception was thrown
---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task)\r\n at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)\r\n at
System.Web.Http.HostAuthenticationFilter.d__4.MoveNext()\r\n---
End of stack trace from previous location where exception was thrown
---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task)\r\n at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)\r\n at
System.Web.Http.Controllers.AuthenticationFilterResult.d__5.MoveNext()\r\n---
End of stack trace from previous location where exception was thrown
---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task
task)\r\n at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)\r\n at
System.Web.Http.Controllers.ExceptionFilterResult.d__6.MoveNext()
我读了这篇文章:Secure ASP.NET Web API 2 using Azure AD B2C – Part 2
在第 3 步 app.UseOAuthBearerAuthentication 被调用 3 次...每个策略调用一次。
我只使用 2 个策略进行测试:SignInPolicyId 和 SignUpPolicyId。
但是当我这样做时:
app.UseOAuthBearerAuthentication(CreateBearerOptionsForPolicy(SignInPolicyId))
app.UseOAuthBearerAuthentication(CreateBearerOptionsForPolicy(SignUpPolicyId));
并传递 Provider 及其 OnValidateIdentity 来处理验证声明等。然后我尝试按如下策略进行过滤:
private OAuthBearerAuthenticationOptions CreateBearerOptionsForPolicy(string policy)
{
var metadataEndpoint = string.Format(AadInstance, TenantId, policy);
TokenValidationParameters tvps = new TokenValidationParameters
{
// This is where you specify that your API only accepts tokens from its own clients
ValidAudience = ClientId,
AuthenticationType = policy,
NameClaimType = "http://schemas.microsoft.com/identity/claims/objectidentifier",
ValidateIssuer = true
};
return new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider(metadataEndpoint)),
Provider = new OAuthBearerAuthenticationProvider
{
OnValidateIdentity = async context =>
{
try
{
var policyName = identity.FindFirst("http://schemas.microsoft.com/claims/authnclassreference")?.Value;
if (policyName == B2CSignInPolicyId.ToLower()) // Sign In Only policy...
{
// Run specific code here for the policy that just sent a token back to the application...
}
问题:正在执行@Azure B2C的策略,也就是我调用的是Sign In策略,但是provider代码被调用两次。我注册的每项保单一次,包括 Sign Up 一项。
问题:是否有更好的方法来执行此操作,以便我们执行正确的 Provider?如果 Sign In 策略被调用,则只执行 Sign In 提供程序,反之亦然。
编辑:
我遇到了此处描述的相同问题(序列包含多个元素):http://bitoftech.net/2016/08/24/secure-aspnet-web-api-2-azure-ad-b2c/#comment-96913
这是例外情况:
at System.Linq.Enumerable.SingleOrDefault[TSource](IEnumerable`1 source)\r\n at Microsoft.Owin.Security.AuthenticationManager.d__20.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.HostAuthenticationFilter.d__4.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.AuthenticationFilterResult.d__5.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ExceptionFilterResult.d__6.MoveNext()