Azure Active Directory B2C accessing configuration file by static link error

Question
I'm using Azure Active Directory B2C for external authorization by Azure.
Everything was working fine until Friday the 19th, when suddenly my backend could not respond because it couldn't receive configuration info from a static link.
The interesting thing is that this link is fully workable: it opens a JSON file when you go to this URL in the browser, but my backend cannot access it.
The temporary decision was to load this file to an S3 bucket on AWS to get its public URL and change the link to this file in my application configuration. But this decision is ugly, and I want to figure out what the problem is.
Stack: .NET Framework 4.6.2.
Link to the configuration file in my project settings:

```xml
<add key="ida:AadInstance" value="https://xxx.b2clogin.com/{0}/v2.0/.well-known/openid-configuration?p={1}" />
```
Answer 1
Score: 1
Yes, for the .NET Framework later than 4.6.x, the TLS version must be upgraded.
I could successfully bypass the error by using TLS version 1.2:

```csharp
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
```

Check the following:

Startup.cs:
```csharp
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

namespace WebApp_OpenIDConnect_DotNet
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
                // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
                options.HandleSameSiteCookieCompatibility();
            });

            // Configuration to sign-in users with Azure AD B2C
            services.AddMicrosoftIdentityWebAppAuthentication(Configuration, Constants.AzureAdB2C);

            services.AddControllersWithViews()
                .AddMicrosoftIdentityUI();

            services.AddRazorPages();

            // Configuring appsettings section AzureAdB2C, into IOptions
            services.AddOptions();
            services.Configure<OpenIdConnectOptions>(Configuration.GetSection("AzureAdB2C"));
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();

            // Add this: force TLS 1.2 for outbound requests, including the fetch of the
            // OpenID discovery document from b2clogin.com.
            System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;

            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
                endpoints.MapRazorPages();
            });
        }
    }
}
```
Appsettings.json:

```json
{
  "AzureAdB2C": {
    "Instance": "https://xxxab2c.b2clogin.com",
    "ClientId": "xxx",
    "Domain": "xxb2c.onmicrosoft.com",
    "SignedOutCallbackPath": "/signout/B2C_1_susi",
    "SignUpSignInPolicyId": "b2c_1_susi",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile" // Optional profile editing policy
    //"CallbackPath": "/signin/B2C_1_sign_up_in" // defaults to /signin-oidc
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}
```
Ensure the latest frameworks are upgraded with the latest patches, and also check the network connectivity.
Then the program can be run successfully with Azure AD B2C.
Answer 2
Score: 0
Okay, the problem was in the TLS version. My application used the TLS 1.1 version by default. I think Azure silently deprecated the TLS 1.1 version, and all requests are skipped with status code 426 Upgrade Required.
The solution was to change the TLS version to 1.2 in my project.
The following code resolved my problem:

```csharp
using System.Net;

public void SetAppropriateTlsVersion()
{
    // Enables TLS 1.2 for outbound connections. Note: SSL 3.0 is obsolete and is not
    // needed to reach the endpoint; Tls12 alone is sufficient.
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
}
```
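The fix described in both answers, written as a stand-alone diagnostic that fetches the discovery document and reports the 426 symptom explicitly. This is an added example, not code from the question or either answer; it assumes .NET Framework 4.6.2 as in the question, and the tenant and policy values are placeholders.

```csharp
using System;
using System.Net;
using System.Net.Http;

// Added diagnostic for the 426 failure discussed in this thread; not code from the
// question or either answer. Tenant and policy values are placeholders.
public static class B2CMetadataProbe
{
    // Same format as the ida:AadInstance setting in the question.
    const string AadInstance =
        "https://xxx.b2clogin.com/{0}/v2.0/.well-known/openid-configuration?p={1}";
    const string Tenant = "xxx.onmicrosoft.com";   // placeholder tenant
    const string Policy = "B2C_1_susi";            // placeholder policy

    public static int Main()
    {
        // Add TLS 1.2 to the protocols already enabled instead of overwriting them.
        // SSL 3.0 and TLS 1.0/1.1 are deliberately not added: the server rejects them.
        ServicePointManager.SecurityProtocol |= SecurityProtocolType.Tls12;

        string url = string.Format(AadInstance, Tenant, Policy);
        using (var client = new HttpClient())
        {
            // Synchronous wait keeps this runnable as a plain console entry point.
            HttpResponseMessage response = client.GetAsync(url).GetAwaiter().GetResult();

            if ((int)response.StatusCode == 426)
            {
                // The symptom from answer 2: the server refused the negotiated TLS version.
                Console.Error.WriteLine("426 Upgrade Required: enable TLS 1.2 in the client.");
                return 2;
            }
            response.EnsureSuccessStatusCode();

            string body = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();
            // A discovery document must advertise jwks_uri; an HTML error page served
            // with 200 (e.g. a wrong policy name) would fail this check.
            if (!body.Contains("\"jwks_uri\""))
            {
                Console.Error.WriteLine("Body is not an OpenID discovery document.");
                return 3;
            }
            Console.WriteLine("Discovery document OK ({0} bytes).", body.Length);
            return 0;
        }
    }
}
```

Run it from the same host and runtime as the failing backend: a non-zero exit code with 426 confirms the client-side TLS configuration is the cause rather than the link itself.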