2
votes

I am trying to build an Angular application with MSAL-angular and Azure B2C for authentication. I am able to authenticate the Angular app with Azure B2C (I have created a susi flow) and obtain the token as shown in the image below.

Token acquisition

So I have created a .NET Core web API project and modified the appsettings configuration and the startup with this code:

appsetting.json :

    "AzureAdB2C": {
      "Instance": "https://{mytenat}.b2clogin.com/tfp",
      "ClientId": "8xxxx-xxxx-xxxx-xxxx-xxxxxxxxc",
      "Domain": "{mytenat}.onmicrosoft.com",
      "SignUpSignInPolicyId": "B2C_1_susi"
    }

startup.cs

            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                    .AddMicrosoftIdentityWebApi(options =>
                    {
                        Configuration.Bind("AzureAdB2C", options);
                        options.TokenValidationParameters.RoleClaimType = "roles";
                        options.TokenValidationParameters.NameClaimType = "name";
                    },
                    options => { Configuration.Bind("AzureAdB2C", options); });

            // By default, the claims mapping will map claim names in the old format to accommodate older SAML applications,
            // e.g. 'http://schemas.microsoft.com/ws/2008/06/identity/claims/role' instead of 'roles'.
            // This flag ensures that the ClaimsIdentity claims collection will be built from the claims in the token.
            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
            //services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, options =>
            //{
            //    // The claim in the Jwt token where App roles are available.
            //    options.TokenValidationParameters.RoleClaimType = "roles";
            //});

But if I try to run the project locally and call it with Postman, I get this error:

**System.UnauthorizedAccessException: IDW10201: Neither scope or roles claim was found in the bearer token.**

I don't understand where the error is. Can you help me?

Thanks

1
This should be related to your scope. Are you using delegated permissions? - Carl Zhao
What are your consentScopes? That is, the scope of the administrator consent. - Carl Zhao
Got any solution for this issue? - Md Aslam

1 Answers

0
votes

In your question, you have created a web api application and angular app in Azure AD B2C. Next, you need to expose the api of the web api application, and then add permissions to the angular app.

First go to web api.

Then go to angular app > API permissions > Add a permission > My APIs > your web api app.

Finally, when you parse the token, you will see the scp:access claim.
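
The last step of the answer, parsing the token to look for the `scp` claim, can be done in Node.js before the token is ever sent to the API. This is an added example, not part of the original question or answer: the helper names and sample tokens are constructed, and it assumes the check behind IDW10201 looks at the `scp` and `roles` claims.

```javascript
// Added diagnostic example: reads a JWT payload WITHOUT verifying the signature.
// It only shows which claims a token carries; the API must still validate it.

// Decode the middle (payload) segment of a compact JWT.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT (expected header.payload.signature)");
  }
  // base64url -> base64 before decoding
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Report the claims relevant to "Neither scope or roles claim was found".
function inspectApiClaims(token) {
  const p = decodeJwtPayload(token);
  // scp is a space-separated string; roles is normally an array.
  const scopes = typeof p.scp === "string" ? p.scp.split(" ").filter(Boolean) : [];
  const roles = Array.isArray(p.roles) ? p.roles : p.roles ? [String(p.roles)] : [];
  return {
    audience: p.aud,
    scopes,
    roles,
    hasScopeOrRole: scopes.length > 0 || roles.length > 0,
  };
}

// Build constructed sample tokens (placeholder claims, fake signature).
function makeSampleToken(payload) {
  const enc = (o) =>
    Buffer.from(JSON.stringify(o)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// Token requested without an exposed API scope: no scp, no roles.
const withoutScope = makeSampleToken({ aud: "api-client-id-placeholder", name: "Sample User" });
// Token requested after the API scope was exposed and granted to the client app.
const withScope = makeSampleToken({ aud: "api-client-id-placeholder", name: "Sample User", scp: "access" });

console.log(inspectApiClaims(withoutScope));
console.log(inspectApiClaims(withScope));
```

If `hasScopeOrRole` is false for the token Postman sends, the token was most likely acquired without requesting the API's exposed scope, which is the situation the answer's steps correct.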