
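I'm running into an AzureAd/Graph configuration problem between Azure and local. I'm using VS2019, .NET Core 5 and Identity.Web 1.23 locally, both in Visual Studio and as a standalone exe. When the same code is deployed to an Azure Web App, I am able to connect to Graph to get my roles and details, I get the following.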

    Code: generalException
    Message: An error occurred sending the request.
    Value cannot be null. (Parameter 'headers')
       at Microsoft.Identity.Web.AppServicesAuthenticationInformation.GetIdToken(IDictionary`2 headers)
       at Microsoft.Identity.Web.AppServicesAuthenticationTokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable`1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
       at Microsoft.Identity.Web.TokenAcquisitionAuthenticationProvider.AuthenticateRequestAsync(HttpRequestMessage request)
       at Microsoft.Graph.AuthenticationHandler.SendAsync(HttpRequestMessage httpRequestMessage, CancellationToken cancelToken)
       at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
       at Microsoft.Graph.HttpProvider.SendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
    <Microsoft.Identity.Web

The code in question

    var initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
    services.AddMicrosoftIdentityWebApiAuthentication(Configuration);

    JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();
    services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
    {
        options.TokenValidationParameters.RoleClaimType = "roles";
    });
    services.AddControllersWithViews(options =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        options.Filters.Add(new AuthorizeFilter(policy));
    }).AddMicrosoftIdentityUI();

    services.AddRazorPages()
        .AddMicrosoftIdentityUI();

    // Add the UI support to handle claims challenges
    services.AddServerSideBlazor()
        .AddMicrosoftIdentityConsentHandler();

app.config for reference

  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientCertificates": [
    ],
    "CallbackPath": "/signin-oidc",
    "SignedOutCallbackPath ": "/signout-callback-oidc"
  },
  "DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "User.Read"
  },

Anything that points me in the right direction would help; I've been stuck on this for a week.
