Azure Active Directory B2C, 404 error, unexpected question mark in URL

Submitted by 雨燕双飞 on 2019-12-24 11:55:42

Question


I am implementing Azure Active Directory B2C from this official tutorial. When I run my code it says 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable. The issue is with the URL: it contains a question mark (screenshot). In place of the question mark there should be an ampersand (&); if I manually replace "?" with "&" it works fine. Here is my startup class:

public partial class Startup
{
    // App config settings
    public static string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
    public static string ClientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
    public static string AadInstance = ConfigurationManager.AppSettings["ida:AadInstance"];
    public static string Tenant = ConfigurationManager.AppSettings["ida:Tenant"];
    public static string RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    public static string ServiceUrl = ConfigurationManager.AppSettings["api:TaskServiceUrl"];

    // B2C policy identifiers
    public static string SignUpSignInPolicyId = ConfigurationManager.AppSettings["ida:SignUpSignInPolicyId"];
    public static string EditProfilePolicyId = ConfigurationManager.AppSettings["ida:EditProfilePolicyId"];
    public static string ResetPasswordPolicyId = ConfigurationManager.AppSettings["ida:ResetPasswordPolicyId"];

    public static string DefaultPolicy = SignUpSignInPolicyId;

    // API Scopes
    public static string ApiIdentifier = ConfigurationManager.AppSettings["api:ApiIdentifier"];
    public static string ReadTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:ReadScope"];
    public static string WriteTasksScope = ApiIdentifier + ConfigurationManager.AppSettings["api:WriteScope"];
    public static string[] Scopes = new string[] { ReadTasksScope, WriteTasksScope };

    // OWIN auth middleware constants
    public const string ObjectIdElement = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";

    // Authorities
    public static string Authority = String.Format(AadInstance, Tenant, DefaultPolicy);

    // Initialize variables ...

    // Configure the OWIN middleware
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // Generate the metadata address using the tenant and policy information
                MetadataAddress = Authority,

                // These are standard OpenID Connect parameters, with values pulled from web.config
                ClientId = ClientId,
                RedirectUri = RedirectUri,
                PostLogoutRedirectUri = RedirectUri,

                // Specify the callbacks for each type of notifications
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = OnRedirectToIdentityProvider,
                    AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                    AuthenticationFailed = OnAuthenticationFailed,
                },

                // Specify the claims to validate
                TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name"
                },

                // Specify the scope by appending all of the scopes requested into one string (separated by a blank space)
                Scope = $"{OpenIdConnectScopes.OpenId} {ReadTasksScope} {WriteTasksScope}"
            }
        );
    }
}

and here is the web.config:

<add key="ida:Tenant" value="explicarte.onmicrosoft.com" />
<add key="ida:ClientId" value="a2d**********************" />
<add key="ida:ClientSecret" value="0f**************" />
<add key="ida:AadInstance" value="https://login.microsoftonline.com/{0}/v2.0/.well-known/openid-configuration?p={1}" />
<add key="ida:RedirectUri" value="https://explicarted.azurewebsites.net/" />
<add key="ida:SignUpSignInPolicyId" value="B2C_1_MySignupSigninPolicy" />
<add key="ida:EditProfilePolicyId" value="B2C_1_myProfileEditingPolicy" />
<add key="ida:ResetPasswordPolicyId" value="B2C_1_PasswordResetPolicy" />
<add key="api:ApiIdentifier" value="https://explicarted.azurewebsites.net/tasks/" />
<add key="api:ReadScope" value="read" />
<add key="api:WriteScope" value="write" />
<add key="api:TaskServiceUrl" value="https://explicarted.azurewebsites.net/" />

Answer 1:


There is a known issue around handling pre-existing query string parameters in one of the .NET libraries.

You are most likely using one of these older versions. I believe the specific problematic library is Microsoft.IdentityModel.Protocol.Extensions.

You should try updating this library or just taking the sample as a starting point as that one already has correct (updated) libraries.

PS: You should use the following authority:

https://login.microsoftonline.com/tfp/{0}/{1}/v2.0/.well-known/openid-configuration
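
The symptom in the question, reproduced as an added example (not code from the post, the answer, or the Microsoft library): appending OpenID Connect parameters to an endpoint that already carries `?p=<policy>`. `NaiveAppend`, `SafeAppend`, the sample endpoint URL and the placeholder client id are assumptions constructed from the tenant and policy names in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class QueryAppendDemo
{
    // Always starts the query with '?', regardless of what the endpoint already contains.
    static string NaiveAppend(string endpoint, IDictionary<string, string> p) =>
        endpoint + "?" + Encode(p);

    // Chooses the separator from what the endpoint already carries.
    static string SafeAppend(string endpoint, IDictionary<string, string> p)
    {
        if (p.Count == 0) return endpoint;

        // A fragment, if present, must stay at the very end of the URL.
        int hash = endpoint.IndexOf('#');
        string fragment = hash >= 0 ? endpoint.Substring(hash) : "";
        string url = hash >= 0 ? endpoint.Substring(0, hash) : endpoint;

        string sep;
        if (!url.Contains("?")) sep = "?";                            // no query yet
        else if (url.EndsWith("?") || url.EndsWith("&")) sep = "";    // dangling separator
        else sep = "&";                                               // existing query, e.g. ?p=policy
        return url + sep + Encode(p) + fragment;
    }

    // Percent-encodes names and values so a redirect_uri cannot break the query apart.
    static string Encode(IDictionary<string, string> p) =>
        string.Join("&", p.Select(kv =>
            Uri.EscapeDataString(kv.Key) + "=" + Uri.EscapeDataString(kv.Value)));

    static void Main()
    {
        // Constructed sample endpoint: the policy is already present as a query parameter.
        string endpoint = "https://login.microsoftonline.com/explicarte.onmicrosoft.com"
                        + "/oauth2/v2.0/authorize?p=b2c_1_mysignupsigninpolicy";
        var parameters = new Dictionary<string, string>
        {
            ["client_id"] = "00000000-0000-0000-0000-000000000000", // placeholder, not a real id
            ["response_type"] = "code id_token",
            ["redirect_uri"] = "https://explicarted.azurewebsites.net/",
        };

        // Compare the character that precedes client_id in the two results.
        Console.WriteLine(NaiveAppend(endpoint, parameters));
        Console.WriteLine(SafeAppend(endpoint, parameters));
    }
}
```

With the `tfp` authority form given in the answer, the policy is part of the path rather than the query string.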



Source: https://stackoverflow.com/questions/44221248/azure-active-directory-b2c-404-error-unexpected-question-mark-in-url
