ASP Net Core call Azure B2C policy
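I've spent days figuring out how to properly call Azure B2C policies/user flows from ASP Net Core.
We are able to call the B2C sign-in and sign-up custom policy.
We implemented the same approach for change password and the other custom policies we created.
However, when we call the other custom policies (not included in the code below, but implemented the same way), we run into different errors.
Every time we fix an error, a new one comes up.
That makes me think we are not calling the B2C custom policies/user flows the right way.
May I know whether the code below is correct, or can you suggest a better approach?
Thanks.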
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => HostingEnvironment.IsProduction();
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect("B2C_1A_SignIn", options =>
    {
        options.Authority = $"https://{Configuration["B2C_1A_SignIn:Domain"]}";
        options.MetadataAddress = $"https://{Configuration["B2C_1A_SignIn:MetadataAddress"]}";
        // Configure the client ID and client secret
        options.ClientId = Configuration["B2C_1A_SignIn:ClientId"];
        options.ClientSecret = Configuration["B2C_1A_SignIn:ClientSecret"];
        // Set response type to id_token
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        // Configure the scope
        options.Scope.Clear();
        options.Scope.Add("openid");
        // Set the callback path that the identity provider redirects back to
        options.CallbackPath = new PathString("/Home");
        // Configure the claims issuer
        options.ClaimsIssuer = "B2C_1A_SignIn";
        // Saves tokens to the AuthenticationProperties
        options.SaveTokens = true;
    })
    .AddOpenIdConnect("B2C_1A_ChangePassword", options =>
    {
        options.Authority = $"https://{Configuration["B2C_1A_ChangePassword:Domain"]}";
        options.MetadataAddress = $"https://{Configuration["B2C_1A_ChangePassword:MetadataAddress"]}";
        options.ClientId = Configuration["B2C_1A_ChangePassword:ClientId"];
        options.ClientSecret = Configuration["B2C_1A_ChangePassword:ClientSecret"];
        options.ResponseType = OpenIdConnectResponseType.IdToken;
        options.Scope.Clear();
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.CallbackPath = new PathString("/Home");
        options.ClaimsIssuer = "B2C_1A_ChangePassword";
        options.SaveTokens = true;
    });
}
HomeController.cs
public async Task SignIn()
{
    await HttpContext.ChallengeAsync("B2C_1A_SignIn", new AuthenticationProperties() { RedirectUri = "/home" });
}

[Authorize]
public async Task ChangePassword()
{
    await HttpContext.ChallengeAsync("B2C_1A_ChangePassword", new AuthenticationProperties() { RedirectUri = "/home" });
}
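Your callback paths probably need to change, at least. Specify callback paths such as /signin-callback and /change-pw-callback.
They don't need to match an action in your app. After you are redirected back to your app, the authentication scheme will usually issue a "local redirect" to the URL you specified (or the current URL).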
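The registration below is an added example, not code from the original post or from Microsoft: it gives each policy scheme its own callback path as the answer suggests. The `AddB2CPolicy` helper is hypothetical; the configuration keys, scheme names and callback paths are the ones used on this page.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class B2CPolicyExtensions
{
    // Hypothetical helper (not a framework API): one OpenID Connect scheme per B2C policy.
    public static AuthenticationBuilder AddB2CPolicy(this AuthenticationBuilder builder,
        IConfiguration config, string policy, string callbackPath)
    {
        var section = config.GetSection(policy); // same keys as "B2C_1A_SignIn:Domain" etc.
        return builder.AddOpenIdConnect(policy, options =>
        {
            options.Authority = $"https://{section["Domain"]}";
            options.MetadataAddress = $"https://{section["MetadataAddress"]}";
            options.ClientId = section["ClientId"];
            options.ClientSecret = section["ClientSecret"];
            options.ResponseType = OpenIdConnectResponseType.IdToken;
            options.Scope.Clear();
            options.Scope.Add("openid");
            // Each handler only processes responses that arrive on its own CallbackPath.
            // Keep the path unique per scheme, keep it off real MVC routes such as /Home,
            // and register the full URL as a redirect URI for the application in B2C.
            options.CallbackPath = new PathString(callbackPath);
            options.ClaimsIssuer = policy;
            options.SaveTokens = true;
        });
    }
}

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddB2CPolicy(Configuration, "B2C_1A_SignIn", "/signin-callback")
        .AddB2CPolicy(Configuration, "B2C_1A_ChangePassword", "/change-pw-callback");
    }
}
```

The `RedirectUri = "/home"` passed to `ChallengeAsync` in the controller stays as it is: that is the local redirect the handler issues after it has processed the response on its callback path.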