I am running into an AzureAd/Graph configuration problem between Azure and local. Locally I am using VS2019, .NET Core 5 and Identity.Web 1.23, both inside Visual Studio and as a standalone exe, and I can connect to Graph and get my roles and details. When the same code is deployed to an Azure Web App, I get the following:
Code: generalException
Message: An error occurred sending the request.
Value cannot be null. (Parameter 'headers')
   at Microsoft.Identity.Web.AppServicesAuthenticationInformation.GetIdToken(IDictionary`2 headers)
   at Microsoft.Identity.Web.AppServicesAuthenticationTokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable`1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
   at Microsoft.Identity.Web.TokenAcquisitionAuthenticationProvider.AuthenticateRequestAsync(HttpRequestMessage request)
   at Microsoft.Graph.AuthenticationHandler.SendAsync(HttpRequestMessage httpRequestMessage, CancellationToken cancelToken)
   at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
   at Microsoft.Graph.HttpProvider.SendRequestAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
<Microsoft.Identity.Web
The offending code (Startup.ConfigureServices):
// Scopes requested up front for the downstream API (Microsoft Graph), e.g. "User.Read"
var initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');

// Registers JWT bearer (web API) authentication from the "AzureAd" section
services.AddMicrosoftIdentityWebApiAuthentication(Configuration);

// Keep the original claim type names (e.g. "roles") instead of the long SOAP-style URIs
JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

// Registers OpenID Connect sign-in for the web app, token acquisition for Graph,
// the Graph client, and an in-memory token cache
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
            .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
            .AddInMemoryTokenCaches();

// Make [Authorize(Roles = ...)] look at the "roles" claim
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.TokenValidationParameters.RoleClaimType = "roles";
});

// Require an authenticated user on every MVC endpoint by default
services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
}).AddMicrosoftIdentityUI();

services.AddRazorPages()
    .AddMicrosoftIdentityUI();

// Add the UI support to handle claims challenges
services.AddServerSideBlazor()
    .AddMicrosoftIdentityConsentHandler();
app.config, for reference:
"AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "ClientCertificates": [
    ],
    "CallbackPath": "/signin-oidc",
    "SignedOutCallbackPath": "/signout-callback-oidc"
},
"DownstreamApi": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "User.Read"
},
Anything that points me in the right direction would help; I have been stuck on this for a week.
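The trace above is thrown on the App Service Authentication path of Microsoft.Identity.Web (AppServicesAuthenticationInformation.GetIdToken), which reads the signed-in user's ID token from request headers rather than from the OpenID Connect flow that runs locally, and here the headers argument was null. A first diagnostic step a practitioner would take before changing any configuration is to confirm, on the deployed site, which environment the host is advertising and whether a request actually carries the EasyAuth headers. The controller below is an added example for that purpose; it is not part of the question and not code from Microsoft.Identity.Web. It assumes WEBSITE_AUTH_ENABLED is the app setting App Service injects when App Service Authentication is turned on and that X-MS-CLIENT-PRINCIPAL-NAME, X-MS-TOKEN-AAD-ID-TOKEN and X-MS-TOKEN-AAD-ACCESS-TOKEN are the headers it adds to authenticated requests (both taken from the App Service documentation); the route path is hypothetical.

```csharp
// Added diagnostic example (not part of the question or of Microsoft.Identity.Web).
// Assumptions: WEBSITE_AUTH_ENABLED is the app setting App Service injects when
// App Service Authentication (EasyAuth) is on; X-MS-CLIENT-PRINCIPAL-NAME,
// X-MS-TOKEN-AAD-ID-TOKEN and X-MS-TOKEN-AAD-ACCESS-TOKEN are the headers EasyAuth
// adds to requests it has authenticated. The route "diagnostics/auth-environment"
// is hypothetical.
using System;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize]
[ApiController]
[Route("diagnostics/auth-environment")]
public class AuthEnvironmentController : ControllerBase
{
    private static readonly string[] EasyAuthHeaders =
    {
        "X-MS-CLIENT-PRINCIPAL-NAME",
        "X-MS-TOKEN-AAD-ID-TOKEN",
        "X-MS-TOKEN-AAD-ACCESS-TOKEN",
    };

    [HttpGet]
    public IActionResult Get()
    {
        // Is the host telling the app that App Service Authentication is on?
        // Locally this variable is absent, so the OpenID Connect path is used instead.
        bool appServiceAuthEnabled = string.Equals(
            Environment.GetEnvironmentVariable("WEBSITE_AUTH_ENABLED"),
            "True",
            StringComparison.OrdinalIgnoreCase);

        // Report presence only, never the values: these headers carry bearer
        // credentials and must not end up in logs or responses.
        var easyAuthHeadersPresent = EasyAuthHeaders.ToDictionary(
            name => name,
            name => Request.Headers.ContainsKey(name));

        // What the app itself sees for the current user after its own
        // authentication handlers ran (roles come from the "roles" claim,
        // matching RoleClaimType in the question's Startup).
        var result = new
        {
            AppServiceAuthEnabled = appServiceAuthEnabled,
            EasyAuthHeadersPresent = easyAuthHeadersPresent,
            AuthenticationType = User.Identity?.AuthenticationType,
            IsAuthenticated = User.Identity?.IsAuthenticated ?? false,
            Roles = User.FindAll("roles").Select(c => c.Value).ToArray(),
        };

        return Ok(result);
    }
}
```

Call the endpoint once locally and once on the deployed Web App and compare. AppServiceAuthEnabled being true on Azure while the three EasyAuth headers are all false on an authenticated request is the combination that matches the trace (the App Service path is chosen but has no headers to read from), whereas false on both sides means the OpenID Connect configuration in the question is what is actually in play and should be the focus. Keep the endpoint behind a tightly scoped authorization policy and remove it once the comparison is done, since it exposes which authentication surface the site uses.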