AuthenticationResponseChallenge


Problem description

I've been working with the Azure B2C for a couple of days now and have a few issues and questions:

  1. Url that it creates to redirect for login is formed incorrectly. It contains a question mark twice - after the url, and again after the profile name. This causes a 404 not found error every time you login, log out, etc. For example, the URL it tries to redirect to for login looks like this: https://login.microsoftonline.com/samlmanbc.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_firstdemoprofile?client_id=08fcblahblah. You'll notice a second question mark after the profile name, and that's what breaks it.

If I fix that and try and log in, it doesn't recognize the username / password of my account that's a global admin. It DOES recognize the username / password of a new user I created locally in the directory.

In the OnRedirectToIdentityProvider method, when the request type is authentication, the AuthenticationResponseChallenge is null, which makes this call fail:

    OpenIdConnectConfiguration config = await mgr.GetConfigurationByPolicyAsync(CancellationToken.None, notification.OwinContext.Authentication.AuthenticationResponseChallenge.Properties.Dictionary[Startup.PolicyKey]);

I worked around this by using the static string SignInPolicyId for the second parameter. That works fine when an account already exists, but if it doesn't then Azure fails at login and says an account doesn't exist for the user. So what is the right value to use there, and/or how does one initialize it so it isn't null?

  1. The type of a claim that was added to a profile is preceded with "extension_"; is that always going to be true or just for now? For example, I added a property called "favoriteTeam", but the claim type for it is "extension_favoriteTeam".

When you use Facebook as an identity provider, is there any way to pass along the Facebook access token claim (http://www.facebook.com/claims/AccessToken)? This was useful when using ACS with Facebook because your app can then use that token to make additional calls to Facebook to get data from it.

Recommended answer

In relation to issue 1 - I updated my reference Microsoft.IdentityModel.Protocol.Extensions to v1.0.2.206221351 and it started working. I made some updates to other references before this, so if the first one doesn't work, try updating more assemblies from NuGet.
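
How a standard query-string parser reads the doubly-"?" URL from issue 1, next to a way of appending parameters to an endpoint that already carries "?p=<policy>". This is an added example, not code from the post or from Microsoft.IdentityModel.Protocol.Extensions; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Web; // HttpUtility

static class AuthorizeUrlCheck   // hypothetical helper, for illustration only
{
    // Appends parameters to an endpoint that may already have a query string.
    public static string AppendQuery(string endpoint, IDictionary<string, string> extra)
    {
        var builder = new UriBuilder(endpoint);
        // UriBuilder.Query is returned with a leading '?'; strip it before re-parsing,
        // otherwise re-assigning it can produce the same "??" class of defect.
        NameValueCollection query = HttpUtility.ParseQueryString(builder.Query.TrimStart('?'));
        foreach (var kv in extra)
            query[kv.Key] = kv.Value;
        builder.Query = query.ToString();   // URL-encoded pairs joined with '&'
        return builder.Uri.AbsoluteUri;     // Uri omits the default port
    }

    // Heuristic check: a second literal '?' is legal inside a query, but in an
    // authorize request it indicates parameters were concatenated with '?' instead of '&'.
    public static bool HasNestedQuestionMark(string url)
    {
        int first = url.IndexOf('?');
        return first >= 0 && url.IndexOf('?', first + 1) >= 0;
    }

    static void Main()
    {
        // URL quoted in the question (client_id is the poster's shortened value).
        string broken = "https://login.microsoftonline.com/samlmanbc.onmicrosoft.com"
                      + "/oauth2/v2.0/authorize?p=b2c_1_firstdemoprofile?client_id=08fcblahblah";

        NameValueCollection parsed = HttpUtility.ParseQueryString(new Uri(broken).Query);
        // The policy name swallows everything after the second '?', and no
        // client_id parameter exists as far as the parser is concerned.
        Console.WriteLine("p         = " + parsed["p"]);
        Console.WriteLine("client_id = " + (parsed["client_id"] ?? "(missing)"));
        Console.WriteLine("nested '?': " + HasNestedQuestionMark(broken));

        // Endpoint that already contains the policy parameter, as on this page.
        string endpoint = "https://login.microsoftonline.com/samlmanbc.onmicrosoft.com"
                        + "/oauth2/v2.0/authorize?p=b2c_1_firstdemoprofile";
        string wellFormed = AppendQuery(endpoint,
            new Dictionary<string, string> { { "client_id", "08fcblahblah" } });
        Console.WriteLine(wellFormed);
        Console.WriteLine("nested '?': " + HasNestedQuestionMark(wellFormed));
    }
}
```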

08-06 21:51