Azure Active Directory B2C通过静态链接访问配置文件错误

hivapdat  于 2023-05-29  发布在  其他
关注(0)|答案(2)|浏览(236)

我正在使用Azure Active Directory B2C进行Azure的外部授权。一切正常,直到周五19时突然我的后端无法响应,因为它无法从静态链接接收配置信息。

有趣的是,这个链接是完全可行的,当在浏览器中通过这个URL时,它会打开json文件,但我的后端无法访问它。
临时决定将此文件加载到AWS上的s3存储桶,以获取其公共URL并在应用程序配置中更改指向此文件的链接。但这个决定很丑陋,我想弄清楚问题出在哪里。
Stack:.Net Framework 4.6.2.
链接到我的项目设置中的配置文件:
<add key="ida:AadInstance" value="https://xxx.b2clogin.com/{0}/v2.0/.well-known/openid-configuration?p={1}" />

syqv5f0l

syqv5f0l1#

问题出在TLS版本。我的应用程序默认使用TLS 1.1版本。我认为Azure默默地弃用了TLS 1.1版本,并且所有请求都被跳过,状态代码为426 Upgrade required。
解决方案是在我的项目中将TLS版本更改为1.2。
下面的代码解决了我的问题:

public void SetAppropriateTlsVersion()
{
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
}
rqqzpn5f

rqqzpn5f2#

是,对于4.6.x之后的Dotnet框架,必须具有升级的tls版本。我可以通过使用tls版本1.2**System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;**成功绕过错误
检查以下内容:
Startup.cs:

using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

 

namespace WebApp_OpenIDConnect_DotNet
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

 
    public IConfiguration Configuration { get; }


    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
            // Handling SameSite cookie according to https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1
            options.HandleSameSiteCookieCompatibility();
        });


        // Configuration to sign-in users with Azure AD B2C
        services.AddMicrosoftIdentityWebAppAuthentication(Configuration, Constants.AzureAdB2C);

        services.AddControllersWithViews()
            .AddMicrosoftIdentityUI();


        services.AddRazorPages();


        //Configuring appsettings section AzureAdB2C, into IOptions
        services.AddOptions();
        services.Configure<OpenIdConnectOptions>(Configuration.GetSection("AzureAdB2C"));
    }


    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }


        app.UseHttpsRedirection();
        app.UseStaticFiles();
        System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12; //add this tls
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();


        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
        });
    }
}

}

Appsettings.json

{
  "AzureAdB2C": {
    "Instance": "https://xxxab2c.b2clogin.com",
    "ClientId": "xxx",
    "Domain": "xxb2c.onmicrosoft.com",
    "SignedOutCallbackPath": "/signout/B2C_1_susi",
    "SignUpSignInPolicyId": "b2c_1_susi",
    "ResetPasswordPolicyId": "b2c_1_reset",
    "EditProfilePolicyId": "b2c_1_edit_profile" // Optional profile editing policy
    //"CallbackPath": "/signin/B2C_1_sign_up_in"  // defaults to /signin-oidc
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft": "Warning",
      "Microsoft.Hosting.Lifetime": "Information"
    }
  },
  "AllowedHosts": "*"
}

确保使用最新的补丁程序升级最新的框架,并检查网络连接。然后该程序可以成功运行与azure广告b2c

相关问题