将 ASP.NET Core Identity 与 Blazor 中的 Microsoft.Identity.Web 集成以进行身份验证

发布于 2025-01-17 20:42:46 字数 2794 浏览 1 评论 0 原文

我一直在为我的Blazor应用程序进行身份验证方法已有一段时间了。我目前正在作为独立保护的WebAPI + Blazor Server开发，但最终将迁移到独立的受保护的WebAPI +托管的Blazor WASM，因此我需要注意服务器和客户端端身份验证。 WebAPI还将为最终用户提供外部ODATA FEED和API，还需要使用中央身份验证机制保护。

我希望能够使用Microsoft（即Microsoft.Identity.Web / MSAL）登录，但希望在数据库级别配置一些相当复杂的角色和行为（即ASP.NET核心身份）。希望帮助别人了解不同的文档集，以下是指向这两个选项的MS文档的链接。

不知道其他任何人，但是我发现很难浏览不同的文档集和教程，以便首先了解它们的工作方式，其次确定它是否最适合我。

我的问题是，是否有人有任何文档有关他们如何将Microsoft.Identity.web与Blazor Server和/或WASM Apps ？的单个用户帐户集成在一起的单个用户帐户。

以下链接显示了如何在ASP.NET核心身份中完成所有操作。

如果我正在构建MVC Web应用程序，那就是我要做的。但是，我真的很喜欢Microsoft.Identity.Web / MSAL（即IE。Itokenaquisition等）的令牌处理功能。必须将剃须刀页用于ASP.NET核心身份并牢固地处理令牌似乎是一个问题，这似乎是一个真正的问题，尤其是对于Blazor Wasm而言。

克里斯·塞尼（Chris Sainty）在以下链接中将某些ASP.NET剃须刀页面移植到julazor组件方面做得很好。但是，他对代币进行了很多（非常聪明的）手动处理，我不确定我喜欢将令牌存储在Blazor应用程序的本地存储中的想法。我尚未详细介绍它，但是我认为这种方法无法直接转移到Blazor Wasm。

SO PORT表示无法将单个用户帐户与Microsoft.Identity.web集成。 c＃ - Microsoft Identity Plata plata with as asp.net core core a>

我得到了一个工作解决方案，我同时拥有ASP.NET Core Identity和Microsoft.Identity.Web并排工作。但是，我发现这很难实施和调试。一旦您开始混合各种构建器。）选项（例如。addmicrosoftitywebapp，。addmicrosoftidentitywebapi，.addidentityCore，.addidentity，.addddefaultity，.addjwtbearer等。我基本上不得不回到来源，让他们每个人都弄清楚他们在封面下实际在做的事情，并弄清楚如何融合它们。我最终回到了RAW OAUTH / OPENID规格并手动实施所有内容 - 这是非常不满意的，我对可能引入安全缺陷的风险感到不满 - 即使我将其授予“工作”。

编辑：此帖子与我实施的帖子相似。

Microsoft c相信只要达到这种理解水平，并且仍然没有一个坚实的工作概念来实现我想要的工作，这是由有记录的可接受的技术支持的，而不仅仅是我在手动实施一切方面的kludge。

现在看来，如果我想尽可能多地使用框 /记录的功能，我怀疑我应该使用ASP.NET核心身份并确定如何将ASP.NET Razor页面集成到我的Web中API，Blazor Server和Blazor Wasm应用程序。但是，这似乎是一个向后的步骤，因为Microsoft.Identity.Web / MSAL似乎更适合大餐，并且似乎是MS前进的方向。

如果有人可以向我指出如何完成此操作的一些示例，我将非常感谢。

原文

I have been working on authentication methods for my blazor app for some time now. I am currently developing as a standalone protected WebApi + Blazor Server, but will ultimately migrate to standalone protected WebApi + Hosted Blazor WASM so I need to be mindful of both server and client side authentication. The WebAPI will also serve an external OData feed and API for end users that also needs to be protected using the central authentication mechanism.

I would like to be able to sign on with Microsoft (ie. Microsoft.Identity.Web / MSAL), but want to configure some fairly complex roles and behaviours at the database level
(ie. ASP.NET Core Identity). To hopefully help someone else understand the different documentation sets, following are links to MS docs for the 2 options.

Introduction to Identity on ASP.NET Core

Microsoft Identity Platform Documentation

Don’t know about anyone else, but I have found it very difficult to navigate through the different documentation sets and tutorials to firstly understand how they work and secondly determine if it is best for me.

My question is, does anyone have any documentation on how they have integrated Microsoft.Identity.Web with the individual user accounts available in ASP.NET Core Identity for Blazor Server and/or WASM apps?, .

The following link shows how to do it all within ASP.NET Core Identity.
Integrate ASP.NET Core Identity with Microsoft account | BinaryIntellect Knowledge Base

If I was building an MVC web app, that’s what I would do. However, I really like the token handling capabilities of Microsoft.Identity.Web / MSAL (ie. ITokenAquisition etc.) for Blazor. It seems to be a real kludge to have to use the Razor pages for ASP.NET Core Identity and handling tokens securely becomes an issue – especially for Blazor WASM.

Chris Sainty has done some good work in porting some of the ASP.Net Razor pages to Blazor Components in the following link. However he does a lot of (very clever) manual processing of the token and I’m not sure I like the idea of storing the token in unprotected Local Storage of the blazor app. I haven’t gone into it in full detail yet, but I don’t think this method will be directly transferrable to Blazor WASM.
Authentication with client-side Blazor using WebAPI and ASP.NET Core Identity (chrissainty.com)

This SO post indicates that it is not possible to integrate Individual user accounts with Microsoft.Identity.Web.
c# - Microsoft Identity Plataform with asp.net Core Identity - Stack Overflow

I got a working solution going where I had both ASP.NET Core Identity and Microsoft.Identity.Web working side by side. However, I found this to be very difficult to implement and debug. Once you start mixing the various builder.Services.AddAuthetication(
) options (eg. .AddMicrosoftIdentityWebApp, . AddMicrosoftIdentityWebApi, .AddIdentityCore, .AddIdentity, .AddDefaultIdentity, .AddJWTBearer etc. etc.) I have found that you enter a world of pain and unpredictable behaviour. I basically had to go back to the source for each of them to work out what they were actually doing under the covers and work out how to blend them. I ended up going back to the raw OAuth / OpenId specifications and implementing everything manually – which is very unsatisfactory and I was unhappy with the risk I was taking in potentially introducing a security flaw – even though I got it to “work”.

EDIT: This SO post is similar to what I implemented. Microsoft Identity Local User Accounts and MSAL

I can’t believe how hard it has been to just get to this level of understanding, and still not have a solid working concept that does what I want it to do that is supported by documented acceptable techniques and not just my kludge at implementing everything manually.

Right now it appears to me that if I want to use as much out of the box / documented functionality as possible, I suspect that I should use ASP.NET Core Identity and work out how to integrate the ASP.net razor pages into my Web Api, Blazor Server and and Blazor WASM apps. However, this appears to be a backward step since Microsoft.Identity.Web / MSAL seems to be so much better suited to Blazor and seems to be the direction that MS is going.

If anyone can point me to some current examples of how this can be done, I would be very thankful.

分享到QQ

分享到微博