Last spring I got this example to work and now I have created another new git clone and I'm having trouble again.
The problem occurs after successfully authenticating in the client and then pressing the "TodoList" link in the nav bar. The problem is in %SRCROOT%\active-directory-aspnetcore-webapp-openidconnect-v2-2\4-WebApp-your-API\4-2-B2C\Client\Services\TodoListService.cs Line 107 where the response.StatusCode is FORBIDDEN.
var response = await _httpClient.GetAsync($"{ _TodoListBaseAddress}/api/todolist");
if (response.StatusCode == HttpStatusCode.OK)
{
var content = await response.Content.ReadAsStringAsync();
IEnumerable<Todo> todolist = JsonConvert.DeserializeObject<IEnumerable<Todo>>(content);
return todolist;
}
Here is the log file from the TodoService:
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/2 GET https://localhost:44332/
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 1039.6571ms 404
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:44332/api/todolist
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
Successfully validated the token.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[13]
AuthenticationScheme: Bearer was forbidden.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 1395.9938ms 403
Last spring I as able to fix this with the following code in the controller:
[HttpGet]
//[Authorize(Policy = "ReadScope")]
[Authorize(Policy= "UserImpersonationScope")]
public IEnumerable<Todo> Get()
{
string owner = User.Identity.Name;
return TodoStore.Values.Where(x => x.Owner == owner);
}
Here are my notes where I fixed the problem last spring with defining scopes in my tenant and I have not altered these since then.
Perhaps the problem is here: %SRCROOT%\active-directory-aspnetcore-webapp-openidconnect-v2-2\4-WebApp-your-API\4-2-B2C\TodoListService\AuthorizationPolicies\ScopesRequirement.cs(line 22). When I set a break point here I see the only accepted scope is "read". Should I not be seeing the other scopes I defined in my registrations in my tenant like "write" and "user_impersonation"?
However, the original C# code has
[Authorize(Policy = "ReadScope")]
And this is not working with the new clone (and was not working with the old clone from last spring either). However, scopes read/write/user_impersonation are also defined in the registration of my Web API in my tenant.
When I check the API permissions in my Tenant Registrations for my client access to the WebAPI, I see read/write/user_impersonation are also still defined.
How can I fix this?
Mon Jan 04 2021 Update:
I'd like to ask a few more questions before I mark the answer
In the appsettings.json I see TodoListScope is defined for "read".
"TodoListScope": "https://fabrikamb2c.onmicrosoft.com/tasks/read"
(1) What is the purpose of this statement and how does it relate to adding scopes in the C# code (as in Alfredo's code below)? Does this statement need to be enhanced for the additional scopes like user_impersonation and write?
(2) When might we want to modify this file? %SRCROOT%\aad-aspnetcore-webapp-openidconnect-v2\4-WebApp-your-API\4-2-B2C\TodoListService\AuthorizationPolicies\ScopesRequirement.cs
(3) How do we assign meaning to scopes like user_impersonation? I believe the only meaning they have is the way they are used in the authorize annotations in the controller... Is this true?
Thanks
Siegfried
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 23%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
