Azure AD Multi-Tenant, .NET Core Web API with MSAL (Microsoft Authentication Library)
I believe I have the Microsoft Authentication Library (MSAL) for JavaScript pulling back a JWT token, using Azure AD multi-tenant with the following configuration.
Based on this link https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant, I believe I only need the following two values.
```javascript
clientId: "A134d6c8-8078-2924-9e90-98cef862eb9a", // this would be the app registration's client id (application)
authority: "https://login.microsoftonline.com/common"
```
How do I then configure a .NET Core 3 Web API so that it can handle this JWT token and validate [Authorize] endpoints when I pass an Authorization: Bearer header?
I currently get this error in the response, which is not very helpful!
```text
AuthenticationFailed: IDX10511: Signature validation failed. Keys tried: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
kid: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Exceptions caught: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
token: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
```
The Startup.cs code is as follows:
```csharp
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;

namespace MultiTenantApi
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddCors(x =>
            {
                x.AddDefaultPolicy(cfg =>
                {
                    cfg.AllowAnyOrigin()
                       .AllowAnyHeader()
                       .AllowAnyMethod();
                });
            });

            services.AddAuthentication(cfg =>
            {
                cfg.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                cfg.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(opt =>
            {
                opt.Authority = "https://login.microsoftonline.com/common";
                // Set this to the App ID URL for the web API, which you created when you registered the web API with Azure AD.
                opt.Audience = "api://A134d6c8-8078-2924-9e90-98cef862eb9a";
                opt.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = false
                };
                opt.Events = new JwtBearerEvents()
                {
                    OnAuthenticationFailed = AuthenticationFailed
                };
            });

            services.AddControllers();
        }

        // For debugging purposes only! Writes the failure reason into the response body.
        private async Task AuthenticationFailed(AuthenticationFailedContext arg)
        {
            var s = $"AuthenticationFailed: {arg.Exception.Message}";
            // Use the encoded byte length, not the string length, so Content-Length is correct for non-ASCII text.
            var bytes = Encoding.UTF8.GetBytes(s);
            arg.Response.ContentLength = bytes.Length;
            await arg.Response.Body.WriteAsync(bytes, 0, bytes.Length);
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles(); // Added
            app.UseRouting();
            app.UseCors(); // Added
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}
```
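The configuration above turns issuer validation off entirely, which for a multi-tenant API means a token from any Azure AD tenant with a matching audience is accepted. The following is an added example, not the asker's code or Microsoft's sample, of a JwtBearer setup that keeps issuer validation on against the `/common` authority: the tenant is read from the token's `tid` claim, the `iss` claim is required to match that tenant in either the v1 (`sts.windows.net`) or v2 (`login.microsoftonline.com/{tid}/v2.0`) form, and the tenant is checked against an allow-list. The client id, the allow-listed tenant id, and the `MultiTenantJwtSetup` class name are placeholders and assumptions introduced here.

```csharp
// Added example (not the asker's code): multi-tenant JwtBearer setup that keeps
// issuer validation on. Client id and tenant ids below are placeholders.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

namespace MultiTenantApi
{
    public static class MultiTenantJwtSetup
    {
        // Placeholder: replace with the API's application (client) id from the app registration.
        private const string ApiClientId = "00000000-0000-0000-0000-000000000000";

        // Placeholder allow-list of tenant ids (the "tid" claim) permitted to call this API.
        // Assumption: the API serves only known customer tenants; leave empty to accept any tenant
        // (the issuer/tid consistency check below still applies).
        private static readonly HashSet<string> AllowedTenants =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                "11111111-1111-1111-1111-111111111111",
            };

        // Call from Startup.ConfigureServices instead of the AddAuthentication/AddJwtBearer block.
        public static void AddMultiTenantJwtBearer(IServiceCollection services)
        {
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(opt =>
                {
                    // /common lets any tenant sign in; signing keys come from its discovery document.
                    opt.Authority = "https://login.microsoftonline.com/common";
                    opt.TokenValidationParameters = new TokenValidationParameters
                    {
                        // Azure AD may emit either form of the audience for this API.
                        ValidAudiences = new[] { ApiClientId, $"api://{ApiClientId}" },
                        ValidateAudience = true,
                        // /common has no single issuer, so validate per tenant instead of turning it off.
                        ValidateIssuer = true,
                        IssuerValidator = ValidateTenantIssuer,
                        ValidateLifetime = true,
                        ValidateIssuerSigningKey = true,
                    };
                });
        }

        // Returns the issuer when acceptable; throws so the handler rejects the token (401) otherwise.
        public static string ValidateTenantIssuer(string issuer, SecurityToken token,
                                                  TokenValidationParameters parameters)
        {
            if (!(token is JwtSecurityToken jwt))
                throw new SecurityTokenInvalidIssuerException("Token is not a JWT.");

            string tid = jwt.Claims.FirstOrDefault(c => c.Type == "tid")?.Value;
            if (string.IsNullOrEmpty(tid))
                throw new SecurityTokenInvalidIssuerException("Token has no tid claim.");

            // The issuer must be the Azure AD endpoint of that same tenant (v1 or v2 token format).
            var expected = new[]
            {
                $"https://sts.windows.net/{tid}/",
                $"https://login.microsoftonline.com/{tid}/v2.0",
            };
            if (!expected.Contains(issuer, StringComparer.OrdinalIgnoreCase))
                throw new SecurityTokenInvalidIssuerException(
                    $"Issuer '{issuer}' does not match tenant '{tid}'.");

            if (AllowedTenants.Count > 0 && !AllowedTenants.Contains(tid))
                throw new SecurityTokenInvalidIssuerException(
                    $"Tenant '{tid}' is not allowed to call this API.");

            return issuer;
        }
    }
}
```

With this in place, `MultiTenantJwtSetup.AddMultiTenantJwtBearer(services)` replaces the `AddAuthentication(...).AddJwtBearer(...)` block in `ConfigureServices`. Audience validation only succeeds when the MSAL client requests a scope that belongs to this API (for example `api://<client id>/<scope name>`), since that is what determines the `aud` claim of the issued token; a token acquired for another resource will not validate here regardless of the issuer check.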
In your
Reference: