dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License

How to get access token in Blazor server with Azure B2C #55578

Closed setin1219 closed 5 months ago

setin1219 commented 5 months ago

Hi All,

I have been working for a few days on trying to figure out a way to fetch the access token in a Blazor Server application, but so far it hasn't worked out.

This is what I have in Program.cs:

```csharp
.....
builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration, Constants.AzureAdB2C);
builder.Services.AddInMemoryTokenCaches();
.....
```

Also, when I try to fetch the token using ITokenAcquisition in a Razor page, I see another error, although the user is already signed in:

```
MSAL.NetCore.4.60.3.0.MsalUiRequiredException: ErrorCode: user_null
Microsoft.Identity.Client.MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.
```

Another problem is that I have to pass the scope for my enterprise portal, which I couldn't figure out how to do in Blazor Server, although I can see the code below for Blazor WASM:

```csharp
builder.Services.AddMsalAuthentication(options =>
{
    builder.Configuration.Bind("AzureAdB2C", options.ProviderOptions.Authentication);
    options.ProviderOptions.DefaultAccessTokenScopes.Add("enterpriseportalscopeurl");
    options.ProviderOptions.LoginMode = "redirect";
});
```

It would be a great help if anyone has already solved this problem.

setin1219 commented 5 months ago

I also tried this:

```csharp
[Inject]
public ITokenAcquisition TokenAcquisitionService { get; set; }
.......
.......
string token = await TokenAcquisitionService.GetAccessTokenForUserAsync("scopeurl", authenticationScheme: "OpenIdConnect");
```

but it resulted in the error below:

```
Microsoft.Identity.Web.TokenAcquisition: Information: [MsIdWeb] An error occured during token acquisition: No account or login hint was passed to the AcquireTokenSilent call.

MSAL.NetCore.4.60.3.0.MsalUiRequiredException: ErrorCode: user_null
Microsoft.Identity.Client.MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call.
   at Microsoft.Identity.Client.Internal.Requests.Silent.SilentRequest.ExecuteAsync(CancellationToken cancellationToken)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext()
```

mkArtakMSFT commented 5 months ago

Thanks for contacting us. Please follow the guidance we have for this here: https://learn.microsoft.com/en-us/aspnet/core/blazor/security/blazor-web-app-with-oidc?view=aspnetcore-8.0

setin1219 commented 5 months ago

@mkArtakMSFT thank you for the reply. I checked this URL earlier; one doubt I had is how I can pass my enterprise portal scope to this. The access token which is fetched from B2C is missing the 'scp' scope. I got to know from the enterprise portal team that we need to pass this scope while acquiring the token.

Also, I am working on a Blazor Server application with Interactive mode, not Auto or WASM.
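An added example, not part of the thread and not the project's own code: one way to register Microsoft.Identity.Web in a Blazor Server app so that ITokenAcquisition is available, an API scope is requested at sign-in, and "UI required" failures trigger a new challenge instead of surfacing as `user_null`. Assumptions: the `AzureAdB2C` configuration section, a classic `AddServerSideBlazor` host with a `/_Host` page, the placeholder scope URI, and the hypothetical `ApiScopes` and `CallApi` names.

```csharp
// Added example. Placeholders/assumptions: scope URI, "AzureAdB2C" section, ApiScopes, CallApi.
using Microsoft.AspNetCore.Components;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.UI;

var builder = WebApplication.CreateBuilder(args);
builder.Services
    .AddMicrosoftIdentityWebAppAuthentication(builder.Configuration, "AzureAdB2C")
    // Registers ITokenAcquisition and asks for the API scope during sign-in.
    .EnableTokenAcquisitionToCallDownstreamApi(new[] { ApiScopes.EnterprisePortal })
    .AddInMemoryTokenCaches();

// Account controllers that serve the challenge endpoint used by the consent handler.
builder.Services.AddControllersWithViews().AddMicrosoftIdentityUI();
builder.Services.AddRazorPages();
builder.Services.AddServerSideBlazor().AddMicrosoftIdentityConsentHandler();

var app = builder.Build();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapBlazorHub();
app.MapFallbackToPage("/_Host");
app.Run();

public static class ApiScopes
{
    // Placeholder, not a real scope: use the value published by the API's app registration.
    public const string EnterprisePortal = "https://<tenant>.onmicrosoft.com/<api-client-id>/<scope-name>";
}

// Code-behind for a hypothetical CallApi.razor component.
public partial class CallApi : ComponentBase
{
    [Inject] private ITokenAcquisition TokenAcquisition { get; set; } = default!;
    [Inject] private MicrosoftIdentityConsentAndConditionalAccessHandler ConsentHandler { get; set; } = default!;

    // Returns null when a new interactive sign-in is needed.
    // Keep the token on the server: do not render it into the UI or write it to logs.
    private async Task<string?> GetPortalTokenAsync()
    {
        try
        {
            return await TokenAcquisition.GetAccessTokenForUserAsync(new[] { ApiScopes.EnterprisePortal });
        }
        catch (Exception ex)
        {
            // Starts a new challenge for MSAL "UI required" failures (for example an
            // empty in-memory token cache after a restart) and rethrows anything else.
            ConsentHandler.HandleException(ex);
            return null;
        }
    }
}
```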