Entity Framework with B2C Auth redirects to empty page, when called with postman "url-missmatch"

huangapple go评论68阅读模式
英文:

Entity Framework with B2C Auth redirects to empty page, when called with postman "url-missmatch"

问题

我的第一个问题:是否正确重定向并且窗口保持空白?

我的第二个问题:为什么会出现"URI MISSMATCH"(URI不匹配)?

这是我的API配置:

{
  "AzureAdB2C": {
    "Instance": "https://xxx.b2clogin.com",
    "ClientId": "yyyy",
    "Domain": "ccc.onmicrosoft.co",
    "SignedOutCallbackPath": "/signout-oidc",
    "SignUpSignInPolicyId": "B2C_1_Client"
  },
  "ConnectionStrings": {
    "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=NewDb;Trusted_Connection=True"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

这是我的API启动代码:

var builder = WebApplication.CreateBuilder(args);
var connectionString = builder.Configuration.GetConnectionString("DefaultConnection1");

if (connectionString == null)
{
    throw new ApplicationException("DefaultConnection is not set");
}

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureADB2C"));

builder.Services.AddAuthorization(options =>
{
    // 默认情况下,所有传入请求将根据默认策略进行授权
    options.FallbackPolicy = options.DefaultPolicy;
});

builder.Services.AddDbContext<MigrationDbContext>(options => options.UseSqlServer(connectionString));
builder.Services.AddDatasyncControllers();

var app = builder.Build();

// 初始化数据库
using (var scope = app.Services.CreateScope())
{
    var context = scope.ServiceProvider.GetRequiredService<MigrationDbContext>();
    //await context.InitializeDatabaseAsync().ConfigureAwait(false);
}

// 配置并运行Web服务。
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

问题可能出现在多个地方,包括身份验证配置、跳转URI匹配和应用程序启动代码。您可能需要仔细检查这些部分以查找问题的根本原因。

英文:

When I try to make the following API call:

https://skillbasedmiddleware.azurewebsites.net/tables/useritem?$filter=(email eq &#39;55@55.de&#39;)

I'm redirected to a "logging on" window, but then stays empty.

When I try to make a request to the URL via postman (without any auth token) I am getting:

&lt;input type=&#39;hidden&#39; name=&#39;error&#39; id=&#39;error&#39; value=&#39;redirect_uri_mismatch&#39;/&gt;
&lt;input type=&#39;hidden&#39; name=&#39;error_description&#39; id=&#39;error_description&#39; value=&#39;AADB2C90006: The redirect URI&amp;#39;https://skillbasedmiddleware.azurewebsites.net/signin-oidc&amp;#39; provided in the request is not registered for the client id &amp;#39;XXX;. Correlation ID: 586439a6-0be6-45f1-aab2-b382dcb8f935&#39; /&gt;

My first question: Is it right that I am redirected and that the window stays blank?
My second question: Why is there a "URI MISSMATCH"?

Here is my API configuration:

{
  &quot;AzureAdB2C&quot;: {
    &quot;Instance&quot;: &quot;https://xxx.b2clogin.com&quot;,
    &quot;ClientId&quot;: &quot;yyyy&quot;,
    &quot;Domain&quot;: &quot;ccc.onmicrosoft.co&quot;,
    &quot;SignedOutCallbackPath&quot;: &quot;/signout-oidc&quot;,
    &quot;SignUpSignInPolicyId&quot;: &quot;B2C_1_Client&quot;
  },
  &quot;ConnectionStrings&quot;: {
    &quot;DefaultConnection&quot;: &quot;Server=(localdb)\\mssqllocaldb;Database=NewDb;Trusted_Connection=True&quot;
  },
  &quot;Logging&quot;: {
    &quot;LogLevel&quot;: {
      &quot;Default&quot;: &quot;Information&quot;,
      &quot;Microsoft.AspNetCore&quot;: &quot;Warning&quot;
    }
  },
  &quot;AllowedHosts&quot;: &quot;*&quot;
}

Here is my API startup code:

var builder = WebApplication.CreateBuilder(args);
var connectionString = builder.Configuration.GetConnectionString(&quot;DefaultConnection1&quot;);
    
if (connectionString == null)
{
    throw new ApplicationException(&quot;DefaultConnection is not set&quot;);
}

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection(&quot;AzureADB2C&quot;));
    
builder.Services.AddAuthorization(options =&gt;
{
    // By default, all incoming requests will be authorized according to 
    // the default policy
    options.FallbackPolicy = options.DefaultPolicy;
});
    
builder.Services.AddDbContext&lt;MigrationDbContext&gt;(options =&gt; options.UseSqlServer(connectionString));
builder.Services.AddDatasyncControllers();
    
var app = builder.Build();
    
// Initialize the database
using (var scope = app.Services.CreateScope())
{
    var context = scope.ServiceProvider.GetRequiredService&lt;MigrationDbContext&gt;();
    //await context.InitializeDatabaseAsync().ConfigureAwait(false);
}
    
// Configure and run the web service.
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();

Where could the issue be coming from?

答案1

得分: 1

如果你正在尝试创建一个API,那么不应该被重定向到B2C,而应该收到401未经授权的响应。

看起来这是因为你已经配置你的API以 Web应用 的身份进行身份验证 (AddMicrosoftIdentityWebApp),而不是 Web API (AddMicrosoftIdentityWebApi)。

这个链接 应该提供了一个使用B2C设置的示例,但你需要做以下几步:

  1. 在B2C中创建一个代表你的MAUI应用的应用程序注册(我认为你已经完成了这一步)
  2. 在B2C中创建一个代表你的API的应用程序注册
  3. 从你的API应用程序注册中公开权限,以便在你的API代码中限制访问
  4. 将这些权限授予你的MAUI应用程序注册
  5. 配置你的API应用程序以验证API调用
  6. 当MAUI应用程序请求用户令牌时,将你的API应用程序注册作为一个额外的作用域包含(在第3步中公开权限时应该告诉你使用什么值)
  7. 在所有的API请求中传递你收到的用于API的访问令牌
英文:

If you're trying to make an API then no, it's not right that you're being redirected to B2C, you should be receiving a 401 Unauthorized response instead.

It looks like this is happening because you've configured your API to authenticate as a web app (AddMicrosoftIdentityWebApp), rather than a web API (AddMicrosoftIdentityWebApi).

This link should provide an example of setting that up using B2C but you'll need to:

  1. Create an app registration in B2C representing your MAUI app (I think you've already done this)
  2. Create an app registration in B2C representing your API
  3. Expose permissions from your API app registration that you can use to restrict access in your API code
  4. Grant those permissions to your MAUI app registration
  5. Configure your API app to authenticate API calls.
  6. When the MAUI app requests tokens for your user include your API app registration as an additional scope (you should be told what value to use when exposing permissions in step 3)
  7. Pass the access_token you receive for your API with all of your API requests

huangapple
  • 本文由 发表于 2023年6月27日 20:38:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/76564957.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定