在通过Azure B2C进行身份验证时,如何通过Blazor向WebAPI发出授权请求?

我正在尝试建立一个新的Blazor项目-客户端我想。我还设置了一个webapi,Blazor应用程序可以连接到它来检索或发布数据。Blazor应用程序可以通过Azure B2C进行身份验证,并显示用户已登录…但是,关键在于我无法设置Blazor应用程序来获取或发布针对API的成功验证请求…它总是返回未经授权的请求。

从技术上讲,我认为Blazor应用程序会进行身份验证,但需要获取一个访问令牌,然后该令牌需要附加到Web API的请求中以获得[授权]…但如何用Blazor在C中实现它…我不知道。

我看过一些引用JWT承载令牌的文档……这是我应该追求的吗?

我正在使用Blazor的最新版本(目前是3.something预览版)…我使用visualstudio模板选择身份验证来设置Blazor项目和Web API,并对Azure B2C使用相同的设置。

@code {
    private WeatherForecast[] forecasts;

    protected override async Task OnInitializedAsync()
    {
        var responseJson = await Http.GetStringAsync("https://my-webapi.azurewebsites.net/WeatherForecast/");
        forecasts = JsonConvert.DeserializeObject<WeatherForecast[]>(responseJson);
    }
}

我很确定我需要将上面的代码改为HttpMessage,这样我就可以在头中包含令牌。。。

  using System;
  using System.Collections.Generic;
  using System.Linq;
  using System.Threading.Tasks;
  using Microsoft.AspNetCore.Authorization;
  using Microsoft.AspNetCore.Mvc;
  using Microsoft.Extensions.Logging;

  namespace Journal.WebApi.Controllers
  {
      [Authorize]
      [ApiController]
      [Route("[controller]")]
      public class WeatherForecastController : ControllerBase
      {
          private static readonly string[] Summaries = new[]
          {
              "Freezing", "Windy" 
              //"Bracing", "Chilly", "Cool", "Cold","Mild", "Sprinkling","Raining", "Misty", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
          };

          private readonly ILogger<WeatherForecastController> _logger;

          public WeatherForecastController(ILogger<WeatherForecastController> logger)
          {
              _logger = logger;
          }

          [HttpGet]
          public IEnumerable<WeatherForecast> Get()
          {
              var rng = new Random();
              return Enumerable.Range(1, 5).Select(index => new WeatherForecast
              {
                  Date = DateTime.Now.AddDays(index),
                  TemperatureC = rng.Next(-20, 55),
                  Summary = Summaries[rng.Next(Summaries.Length)]
              })
              .ToArray();
          }
      }
  }

这是我的Blazor启动文件,以防有帮助。。。

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.AzureADB2C.UI;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Components;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.AspNetCore.HttpsPolicy;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Hosting;
    using Journal.Blazor.Data;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;
    using System.Text;

    namespace Journal.Blazor
    {
        public class Startup
        {
            public Startup(IConfiguration configuration)
            {
                Configuration = configuration;
            }

            public IConfiguration Configuration { get; }

            // This method gets called by the runtime. Use this method to add services to the container.
            // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
            public void ConfigureServices(IServiceCollection services)
            {
                services.AddAuthentication(AzureADB2CDefaults.AuthenticationScheme)
                    .AddAzureADB2C(options => Configuration.Bind("AzureAdB2C", options));

                services.AddRazorPages();
                services.AddServerSideBlazor();

                //ToDo:  only do this when in dev
                services.AddServerSideBlazor().AddCircuitOptions(options => { options.DetailedErrors = true; });

                // Server Side Blazor doesn't register HttpClient by default
                if (!services.Any(x => x.ServiceType == typeof(HttpClient)))
                {
                    // Setup HttpClient for server side in a client side compatible fashion
                    services.AddScoped<HttpClient>(s =>
                    {
                        // Creating the URI helper needs to wait until the JS Runtime is initialized, so defer it.      
                        var uriHelper = s.GetRequiredService<NavigationManager>();
                        return new HttpClient
                        {
                            BaseAddress = new Uri(uriHelper.BaseUri)
                        };
                    });
                }
            }

            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {
                if (env.IsDevelopment())
                {
                    app.UseDeveloperExceptionPage();
                }
                else
                {
                    app.UseExceptionHandler("/Error");
                    // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                    app.UseHsts();
                }

                app.UseHttpsRedirection();
                app.UseStaticFiles();

                app.UseRouting();

                app.UseAuthentication();
                app.UseAuthorization();

                app.UseEndpoints(endpoints =>
                {
                    endpoints.MapControllers();
                    endpoints.MapBlazorHub();
                    endpoints.MapFallbackToPage("/_Host");
                });
            }
        }
    }