2

我正在尝试建立一个新的 Blazor 项目 - 我认为是客户端。我还设置了 Blazor 应用程序可以连接到的 Web API,以便检索或发布数据。Blazor 应用程序可以通过 Azure B2C 进行身份验证并显示用户已登录...但是,关键是我无法将 Blazor 应用程序设置为针对 API 获取或发布成功的经过身份验证的请求...它总是返回未经授权的.

从技术上讲,我正在考虑 Blazor 应用程序进行身份验证,但需要获取一个访问令牌,然后需要将其附加到对 [Authorized] 的 Web API 的请求......但是如何在 C# 中使用 Blazor 实现它......我不知道。

我看过引用 JWT Bearer Tokens 的文档……这是我应该追求的吗?

我正在使用最新版本的 Blazor(当前为 3.something-preview)...我使用 Visual Studio 模板选择身份验证来设置 Blazor 项目和 Web API,并为 Azure B2C 使用相同的设置。

这是我用来调用 API 的代码:

@code {
    private WeatherForecast[] forecasts;

    protected override async Task OnInitializedAsync()
    {
        var responseJson = await Http.GetStringAsync("https://my-webapi.azurewebsites.net/WeatherForecast/");
        forecasts = JsonConvert.DeserializeObject<WeatherForecast[]>(responseJson);
    }
}

我很确定我需要将上面的内容更改为 HttpMessage 以便我可以在标头中包含令牌...

WebApi 控制器并不多,但它就在这里。

  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Threading.Tasks;
  using Microsoft.AspNetCore.Authorization;
  using Microsoft.AspNetCore.Mvc;
  using Microsoft.Extensions.Logging;

  namespace Journal.WebApi.Controllers
  {
      [Authorize]
      [ApiController]
      [Route("[controller]")]
      public class WeatherForecastController : ControllerBase
      {
          private static readonly string[] Summaries = new[]
          {
              "Freezing", "Windy" 
              //"Bracing", "Chilly", "Cool", "Cold","Mild", "Sprinkling","Raining", "Misty", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
          };

          private readonly ILogger<WeatherForecastController> _logger;

          public WeatherForecastController(ILogger<WeatherForecastController> logger)
          {
              _logger = logger;
          }

          [HttpGet]
          public IEnumerable<WeatherForecast> Get()
          {
              var rng = new Random();
              return Enumerable.Range(1, 5).Select(index => new WeatherForecast
              {
                  Date = DateTime.Now.AddDays(index),
                  TemperatureC = rng.Next(-20, 55),
                  Summary = Summaries[rng.Next(Summaries.Length)]
              })
              .ToArray();
          }
      }
  }

这是我的 Blazor 启动文件,以防万一……

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Components;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.HttpsPolicy;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Hosting;
    using Journal.Blazor.Data;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;
    using System.Text;

    namespace Journal.Blazor
    {
        public class Startup
        {
            public Startup(IConfiguration configuration)
            {
                Configuration = configuration;
            }

            public IConfiguration Configuration { get; }

            // This method gets called by the runtime. Use this method to add services to the container.
            // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
            public void ConfigureServices(IServiceCollection services)
            {
                services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
                    .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

                services.AddRazorPages();
                services.AddServerSideBlazor();

                //ToDo:  only do this when in dev
                services.AddServerSideBlazor().AddCircuitOptions(options => { options.DetailedErrors = true; });

                // Server Side Blazor doesn't register HttpClient by default
                if (!services.Any(x => x.ServiceType == typeof(HttpClient)))
                {
                    // Setup HttpClient for server side in a client side compatible fashion
                    services.AddScoped<HttpClient>(s =>
                    {
                        // Creating the URI helper needs to wait until the JS Runtime is initialized, so defer it.      
                        var uriHelper = s.GetRequiredService<NavigationManager>();
                        return new HttpClient
                        {
                            BaseAddress = new Uri(uriHelper.BaseUri)
                        };
                    });
                }
            }

            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {
                if (env.IsDevelopment())
                {
                    app.UseDeveloperExceptionPage();
                }
                else
                {
                    app.UseExceptionHandler("/Error");
                    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                    app.UseHsts();
                }

                app.UseHttpsRedirection();
                app.UseStaticFiles();

                app.UseRouting();

                app.UseAuthentication();
                app.UseAuthorization();

                app.UseEndpoints(endpoints =>
                {
                    endpoints.MapControllers();
                    endpoints.MapBlazorHub();
                    endpoints.MapFallbackToPage("/_Host");
                });
            }
        }
    }

预先感谢您的帮助!

4

0 回答 0