C# 如何从Azure ADFS认证的Web应用程序访问受Microsoft Identity Platform保护的Web API?
我已经在我的.NET Core Razor Web应用程序中实现了ADFS身份验证(该应用程序也在Azure AD中注册了相应的应用程序)。我在
Startup.cs
中有以下代码:
/// <summary>
/// Wires up sign-in for the Razor web app: cookies carry the session and
/// WS-Federation (ADFS) handles the challenge. Every Razor page / MVC action
/// is then placed behind an "authenticated user" policy.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Cookie is the default and sign-in scheme; only unauthenticated
    // challenges are redirected to the WS-Federation handler.
    var authBuilder = services.AddAuthentication(schemes =>
    {
        schemes.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        schemes.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        schemes.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    });

    authBuilder.AddWsFederation(wsFed =>
    {
        // "xxxxx" are redacted placeholders on the page: the federation
        // metadata URL and the realm (relying-party identifier) of this app.
        wsFed.MetadataAddress = "xxxxx";
        wsFed.Wtrealm = "xxxxx";
    });
    authBuilder.AddCookie();

    // NOTE(review): nothing in this method registers Microsoft.Identity.Web
    // token acquisition, so ITokenAcquisition cannot be resolved from DI with
    // this configuration alone. The WS-Federation sign-in presumably yields a
    // token scoped to this app's realm, not an access token for a downstream
    // API - confirm before trying to forward it.

    // Global filter: anonymous requests to any page or action are rejected
    // unless the endpoint explicitly opts out.
    services.AddRazorPages().AddMvcOptions(mvc =>
    {
        var policyBuilder = new AuthorizationPolicyBuilder();
        var signedInOnly = policyBuilder.RequireAuthenticatedUser().Build();
        mvc.Filters.Add(new AuthorizeFilter(signedInOnly));
    });
}
/// <summary>
/// Builds the HTTP request pipeline of the Razor web app.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
/// <param name="env">The hosting environment, used to pick error handling.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (!env.IsDevelopment())
    {
        // Outside development: generic error page (no exception details
        // reach the client) and HSTS.
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }
    else
    {
        // Detailed exception output is limited to the Development environment.
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseRouting();

    // Order matters: authentication establishes the user before authorization
    // evaluates policies, and both sit between routing and endpoint execution.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(routes =>
    {
        routes.MapRazorPages();
        routes.MapControllers();
    });
}
/// <summary>
/// Registers the services of the Web API: Microsoft Identity Platform
/// authentication driven by application configuration, plus MVC controllers.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Token-validation settings come from configuration; the section that is
    // read is not shown on this page.
    var appConfiguration = Configuration;
    services.AddMicrosoftIdentityWebApiAuthentication(appConfiguration);

    // NOTE(review): no global authorization filter is added here, so an action
    // is only protected if it carries [Authorize] or a fallback policy is
    // configured elsewhere - verify on the controllers.
    services.AddControllers();
}
/// <summary>
/// Builds the HTTP request pipeline of the Web API.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
/// <param name="env">The hosting environment.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Detailed exception output is limited to the Development environment;
    // no exception handler or HSTS is configured for other environments here.
    bool isDevelopment = env.IsDevelopment();
    if (isDevelopment)
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseRouting();

    // Authentication must run before authorization so that policies see the
    // caller established from the incoming token.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(routes => routes.MapControllers());
}
现在,我想使用身份验证时获得的令牌,调用受 Microsoft Identity Platform 保护的 API。
我找到了以下代码,它把 cookie 中的令牌添加到 HTTP 请求头中,从而对客户端进行身份验证:
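/// <summary>
/// Acquires an access token for the signed-in user and installs it, together
/// with a JSON Accept header, as default headers on <c>_httpClient</c>.
/// </summary>
/// <returns>A task that completes once the default headers are set.</returns>
private async Task PrepareAuthenticatedClient()
{
    // _tokenAcquisition has to be resolvable from DI; per the exception quoted
    // on the page, that is not the case when only WS-Federation and cookies
    // are registered.
    // NOTE(review): _scopes is passed as a single array element - presumably
    // one scope string; confirm it is not a space-separated list.
    var accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(new[] { _scopes });

    var defaultHeaders = _httpClient.DefaultRequestHeaders;

    // NOTE(review): default headers apply to every request sent through this
    // HttpClient instance. If _httpClient is shared between users (singleton
    // or static), one user's bearer token would be sent on another user's
    // requests - confirm the client is per-user/per-request, or set the header
    // on each HttpRequestMessage instead.
    defaultHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

    // Add the Accept value only once; the original appended a duplicate
    // "application/json" entry on every call.
    var jsonMediaType = new MediaTypeWithQualityHeaderValue("application/json");
    if (!defaultHeaders.Accept.Contains(jsonMediaType))
    {
        defaultHeaders.Accept.Add(jsonMediaType);
    }
}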
但是,这导致了异常
InvalidOperationException:在尝试激活“ModelName”时,无法解析类型“Microsoft.Identity.Web.ITokenAcquisition”的服务
如果我将Startup.cs
中的ConfigureServices
方法中的代码更改为使用Microsoft Identity Platform而不是WsFederation,如下所示:
// Replaces the WS-Federation setup with Microsoft Identity Platform sign-in
// and enables token acquisition for a downstream API.
// The single configured "Scopes" value is requested as one initial scope.
var downstreamScopes = new[] { Configuration["Scopes"] };

// AddInMemoryTokenCaches keeps tokens in this process's memory only: they are
// lost on restart and not shared between instances of the app.
services.AddMicrosoftIdentityWebAppAuthentication(Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi(downstreamScopes)
    .AddInMemoryTokenCaches();
令牌获取代码可以工作。但是我失去了ADFS身份验证功能
我希望能够在我的Web应用程序中使用ADFS身份验证,然后使用从身份验证中获得的令牌调用我的Web API中的受保护端点(它在Azure AD中注册了相应的应用程序)。这是正确的方法吗?还是有更好的办法
请在下面找到我在Web API中使用的代码Startup.cs
:
/// <summary>
/// Wires up sign-in for the Razor web app: cookies carry the session and
/// WS-Federation (ADFS) handles the challenge. Every Razor page / MVC action
/// is then placed behind an "authenticated user" policy.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Cookie is the default and sign-in scheme; only unauthenticated
    // challenges are redirected to the WS-Federation handler.
    var authBuilder = services.AddAuthentication(schemes =>
    {
        schemes.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        schemes.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        schemes.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
    });

    authBuilder.AddWsFederation(wsFed =>
    {
        // "xxxxx" are redacted placeholders on the page: the federation
        // metadata URL and the realm (relying-party identifier) of this app.
        wsFed.MetadataAddress = "xxxxx";
        wsFed.Wtrealm = "xxxxx";
    });
    authBuilder.AddCookie();

    // NOTE(review): nothing in this method registers Microsoft.Identity.Web
    // token acquisition, so ITokenAcquisition cannot be resolved from DI with
    // this configuration alone.

    // Global filter: anonymous requests to any page or action are rejected
    // unless the endpoint explicitly opts out.
    services.AddRazorPages().AddMvcOptions(mvc =>
    {
        var policyBuilder = new AuthorizationPolicyBuilder();
        var signedInOnly = policyBuilder.RequireAuthenticatedUser().Build();
        mvc.Filters.Add(new AuthorizeFilter(signedInOnly));
    });
}
/// <summary>
/// Builds the HTTP request pipeline of the Razor web app.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
/// <param name="env">The hosting environment, used to pick error handling.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (!env.IsDevelopment())
    {
        // Outside development: generic error page (no exception details
        // reach the client) and HSTS.
        app.UseExceptionHandler("/Error");
        app.UseHsts();
    }
    else
    {
        // Detailed exception output is limited to the Development environment.
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();

    app.UseRouting();

    // Order matters: authentication establishes the user before authorization
    // evaluates policies, and both sit between routing and endpoint execution.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(routes =>
    {
        routes.MapRazorPages();
        routes.MapControllers();
    });
}
/// <summary>
/// Registers the services of the Web API: Microsoft Identity Platform
/// authentication driven by application configuration, plus MVC controllers.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Token-validation settings come from configuration; the section that is
    // read is not shown on this page.
    var appConfiguration = Configuration;
    services.AddMicrosoftIdentityWebApiAuthentication(appConfiguration);

    // NOTE(review): no global authorization filter is added here, so an action
    // is only protected if it carries [Authorize] or a fallback policy is
    // configured elsewhere - verify on the controllers.
    services.AddControllers();
}
/// <summary>
/// Builds the HTTP request pipeline of the Web API.
/// </summary>
/// <param name="app">The application pipeline builder.</param>
/// <param name="env">The hosting environment.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // Detailed exception output is limited to the Development environment;
    // no exception handler or HSTS is configured for other environments here.
    bool isDevelopment = env.IsDevelopment();
    if (isDevelopment)
    {
        app.UseDeveloperExceptionPage();
    }

    app.UseHttpsRedirection();
    app.UseRouting();

    // Authentication must run before authorization so that policies see the
    // caller established from the incoming token.
    app.UseAuthentication();
    app.UseAuthorization();

    app.UseEndpoints(routes => routes.MapControllers());
}
您是否可以先按照该教程(原页面中的链接已缺失)的代码实现,之后再添加 UseCookiePolicy()?这样我们就能知道问题出在哪里——是添加的 cookie,还是其他某项设置。