C# 如何从Azure ADFS认证的Web应用程序访问受Microsoft Identity Platform保护的Web API?


我已经在我的.NET Core Razor Web应用程序中实现了ADFS身份验证(该应用程序也在Azure AD中注册了相应的应用程序)。我在
Startup.cs
中有以下代码:

/// <summary>
/// Web application startup: registers cookie-backed WS-Federation sign-in and Razor Pages
/// with a global "authenticated user" requirement.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
/// <remarks>
/// Nothing in this method registers Microsoft.Identity.Web token acquisition, so the sign-in
/// configured here does not by itself provide an OAuth access token for a downstream API.
/// </remarks>
public void ConfigureServices(IServiceCollection services) {
  var authBuilder = services.AddAuthentication(authOptions =>{
    // The cookie scheme is the default and the sign-in scheme; only the challenge
    // (what happens to an unauthenticated request) is delegated to WS-Federation.
    authOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    authOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    authOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
  });

  authBuilder.AddWsFederation(wsFed =>{
    // "xxxxx" is the redacted placeholder from the original post, not a usable value.
    // NOTE(review): the federation metadata supplies the token-signing keys, so the real
    // address should be an HTTPS URL of the trusted ADFS instance - confirm in deployment.
    wsFed.MetadataAddress = "xxxxx";
    wsFed.Wtrealm = "xxxxx";
  });
  authBuilder.AddCookie();

  var mvcBuilder = services.AddRazorPages();
  mvcBuilder.AddMvcOptions(mvc =>{
    // Global filter: every MVC/Razor endpoint requires an authenticated user.
    mvc.Filters.Add(new AuthorizeFilter(
      new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
  });
}

/// <summary>
/// Web application startup: builds the HTTP request pipeline. Middleware runs in the order
/// it is added below, so the sequence itself is part of the security configuration.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to pick the error-handling branch.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
  if (env.IsDevelopment()) {
    // Detailed exception pages are enabled for the Development environment only.
    app.UseDeveloperExceptionPage();
  }
  else {
    // Outside Development: generic error page at "/Error" plus the HSTS response header.
    app.UseExceptionHandler("/Error");
    app.UseHsts();
  }

  app.UseHttpsRedirection();
  // Static files are added before UseAuthentication/UseAuthorization, so they are served
  // without an authenticated user - NOTE(review): keep nothing sensitive in the web root.
  app.UseStaticFiles();
  app.UseCookiePolicy();

  app.UseRouting();

  // Authentication is added before authorization, and both sit between UseRouting and
  // UseEndpoints, so the selected endpoint is known when authorization is evaluated.
  app.UseAuthentication();
  app.UseAuthorization();

  app.UseEndpoints(endpoints =>{
    endpoints.MapRazorPages();
    endpoints.MapControllers();
  });
}
/// <summary>
/// Web API startup: registers Microsoft.Identity.Web API authentication from configuration
/// and adds MVC controllers.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services) {
  // NOTE(review): presumably bearer-token validation driven by an Azure AD section of the
  // configuration - confirm the section name and the configured audience for this API.
  services.AddMicrosoftIdentityWebApiAuthentication(Configuration);
  // No global authorization filter or fallback policy is registered in this method, so an
  // endpoint is protected only if it carries its own authorization attribute - verify on
  // the controllers.
  services.AddControllers();
}

/// <summary>
/// Web API startup: builds the HTTP request pipeline. Middleware runs in the order it is
/// added below.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to enable the developer exception page.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
  if (env.IsDevelopment()) {
    // Detailed exception pages are enabled for the Development environment only.
    app.UseDeveloperExceptionPage();
  }
  // Outside Development this method registers no exception handler and makes no UseHsts() call.

  app.UseHttpsRedirection();

  app.UseRouting();

  // Authentication is added before authorization, and both sit between UseRouting and
  // UseEndpoints, so the selected endpoint is known when authorization is evaluated.
  app.UseAuthentication();
  app.UseAuthorization();

  app.UseEndpoints(endpoints =>{
    endpoints.MapControllers();
  });
}
现在,我想做的是使用从身份验证获得的令牌调用受Microsoft Identity保护的API。

我找到了以下代码,用于将cookie中的令牌添加到Http头中,从而对客户端进行身份验证:

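/// <summary>
/// Acquires an access token for the signed-in user and configures <c>_httpClient</c> to send
/// it as a Bearer credential and to ask for JSON responses.
/// </summary>
/// <returns>A task that completes once the default request headers have been updated.</returns>
/// <remarks>
/// The token is requested for the single scope value held in <c>_scopes</c>. The call relies on
/// <c>_tokenAcquisition</c> having been injected, which requires token acquisition to be
/// registered at startup.
/// </remarks>
private async Task PrepareAuthenticatedClient() {
  var accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(new[] {
    _scopes
  });

  // NOTE(review): DefaultRequestHeaders apply to every request sent through this HttpClient.
  // If _httpClient is shared between users or concurrent requests (for example a singleton),
  // one user's token can end up on another user's call; in that case set Authorization on a
  // per-request HttpRequestMessage instead. Confirm the client's lifetime against its owner.
  _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

  // Add the JSON media type only when it is missing: this method can run before every API
  // call, and an unconditional Add would append another Accept entry each time.
  var jsonMediaType = new MediaTypeWithQualityHeaderValue("application/json");
  if (!_httpClient.DefaultRequestHeaders.Accept.Contains(jsonMediaType)) {
    _httpClient.DefaultRequestHeaders.Accept.Add(jsonMediaType);
  }
}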
但是,这导致了异常

InvalidOperationException:在尝试激活“ModelName”时,无法解析类型“Microsoft.Identity.Web.ITokenAcquisition”的服务

如果我将
Startup.cs
中的
ConfigureServices
方法中的代码更改为使用Microsoft Identity Platform而不是WsFederation,如下所示:

// Replaces the WS-Federation registration with Microsoft.Identity.Web web-app sign-in and
// enables token acquisition for a downstream API.
// NOTE(review): the "Scopes" setting is passed as one array element; if it is meant to hold
// several space-separated scopes it would need splitting - confirm against configuration.
var downstreamScopes = new string[] {
  Configuration["Scopes"]
};
// NOTE(review): the in-memory token cache is presumably per process, so tokens are lost on
// restart and not shared between instances - confirm before scaling out.
services.AddMicrosoftIdentityWebAppAuthentication(Configuration)
  .EnableTokenAcquisitionToCallDownstreamApi(downstreamScopes)
  .AddInMemoryTokenCaches();
令牌获取代码可以工作。但是我失去了ADFS身份验证功能

我希望能够在我的Web应用程序中使用ADFS身份验证,然后使用从身份验证中获得的令牌调用我的Web API中的受保护端点(该Web API在Azure AD中注册了相应的应用程序)。这是正确的方法吗?还是有更好的办法?

请在下面找到我在Web API中使用的代码
Startup.cs

/// <summary>
/// Registers cookie-backed WS-Federation sign-in and Razor Pages with a global
/// "authenticated user" requirement.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
/// <remarks>
/// Nothing in this method registers Microsoft.Identity.Web token acquisition, so the sign-in
/// configured here does not by itself provide an OAuth access token for a downstream API.
/// </remarks>
public void ConfigureServices(IServiceCollection services) {
  var authBuilder = services.AddAuthentication(authOptions =>{
    // The cookie scheme is the default and the sign-in scheme; only the challenge
    // (what happens to an unauthenticated request) is delegated to WS-Federation.
    authOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    authOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    authOptions.DefaultChallengeScheme = WsFederationDefaults.AuthenticationScheme;
  });

  authBuilder.AddWsFederation(wsFed =>{
    // "xxxxx" is the redacted placeholder from the original post, not a usable value.
    // NOTE(review): the federation metadata supplies the token-signing keys, so the real
    // address should be an HTTPS URL of the trusted ADFS instance - confirm in deployment.
    wsFed.MetadataAddress = "xxxxx";
    wsFed.Wtrealm = "xxxxx";
  });
  authBuilder.AddCookie();

  var mvcBuilder = services.AddRazorPages();
  mvcBuilder.AddMvcOptions(mvc =>{
    // Global filter: every MVC/Razor endpoint requires an authenticated user.
    mvc.Filters.Add(new AuthorizeFilter(
      new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build()));
  });
}

/// <summary>
/// Builds the HTTP request pipeline for the Razor Pages application. Middleware runs in the
/// order it is added below, so the sequence itself is part of the security configuration.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to pick the error-handling branch.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
  if (env.IsDevelopment()) {
    // Detailed exception pages are enabled for the Development environment only.
    app.UseDeveloperExceptionPage();
  }
  else {
    // Outside Development: generic error page at "/Error" plus the HSTS response header.
    app.UseExceptionHandler("/Error");
    app.UseHsts();
  }

  app.UseHttpsRedirection();
  // Static files are added before UseAuthentication/UseAuthorization, so they are served
  // without an authenticated user - NOTE(review): keep nothing sensitive in the web root.
  app.UseStaticFiles();
  app.UseCookiePolicy();

  app.UseRouting();

  // Authentication is added before authorization, and both sit between UseRouting and
  // UseEndpoints, so the selected endpoint is known when authorization is evaluated.
  app.UseAuthentication();
  app.UseAuthorization();

  app.UseEndpoints(endpoints =>{
    endpoints.MapRazorPages();
    endpoints.MapControllers();
  });
}
/// <summary>
/// Web API startup: registers Microsoft.Identity.Web API authentication from configuration
/// and adds MVC controllers.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
public void ConfigureServices(IServiceCollection services) {
  // NOTE(review): presumably bearer-token validation driven by an Azure AD section of the
  // configuration - confirm the section name and the configured audience for this API.
  services.AddMicrosoftIdentityWebApiAuthentication(Configuration);
  // No global authorization filter or fallback policy is registered in this method, so an
  // endpoint is protected only if it carries its own authorization attribute - verify on
  // the controllers.
  services.AddControllers();
}

/// <summary>
/// Web API startup: builds the HTTP request pipeline. Middleware runs in the order it is
/// added below.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment, used to enable the developer exception page.</param>
public void Configure(IApplicationBuilder app, IWebHostEnvironment env) {
  if (env.IsDevelopment()) {
    // Detailed exception pages are enabled for the Development environment only.
    app.UseDeveloperExceptionPage();
  }
  // Outside Development this method registers no exception handler and makes no UseHsts() call.

  app.UseHttpsRedirection();

  app.UseRouting();

  // Authentication is added before authorization, and both sit between UseRouting and
  // UseEndpoints, so the selected endpoint is known when authorization is evaluated.
  app.UseAuthentication();
  app.UseAuthorization();

  app.UseEndpoints(endpoints =>{
    endpoints.MapControllers();
  });
}
您是否可以尝试按照此教程(原文链接缺失)的代码操作,然后再添加UseCookiePolicy()?这样我们就能判断问题出在哪里:是添加的cookie,还是其他设置。