如何验证试图访问Azure AD中托管的Web Api的用户名/密码?
[英]How do I authenticate a user's name/password trying to access Web Api hosted in Azure AD?
问题描述
I am trying to provide basic authentication for an ASP.net Web Api hosted in Azure. 
我正在尝试为Azure中托管的ASP.net Web Api提供基本身份验证。 I've got to the point where I have extracted the users name/password from their http basic auth request inside of the API. 我已经从API的http基本身份验证请求中提取了用户名/密码。 I am following a tutorial that says when you get to this point do this: 我正在遵循一个教程,该教程说到这一点时,请执行以下操作:
//You can use Websecurity or asp.net memebrship provider to login, for
//for he sake of keeping example simple, we used out own login functionality
if (TheRepository.LoginStudent(userName, password))
{
var currentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
Thread.CurrentPrincipal = currentPrincipal;
return;
}
Obviously he is verifying the credentials in some "repository" just for the example. 显然,他只是在示例中验证“存储库”中的凭据。 What do I do here to verify the credentials for a user I have added in Azure AD? 在这里我该如何验证我在Azure AD中添加的用户的凭据? (Just for a quick, yes you are a user, you are authenticated, move on...) When I look at the Authorization endpoints in my application page inside of azure AD, i see the following options: (快速,是的,您是用户,您已通过身份验证,继续...)当我在azure AD内的应用程序页面中查看“授权”端点时,我看到以下选项:
- FEDERATION METADATA DOCUMENT 联合元数据文件
- WS-FEDERATION SIGN-ON ENDPOINT WS-FEDERATION登录端点
- SAML-P SIGN-ON ENDPOINT SAML-P登录端点
- SAML-P SIGN-OUT ENDPOINT SAML-P登出端点
- WINDOWS AZURE AD GRAPH API ENDPOINT WINDOWS AZURE AD GRAPH API端点
- OAUTH 2.0 TOKEN ENDPOINT OAUTH 2.0令牌端点
- OAUTH 2.0 AUTHORIZATION ENDPOINT OAUTH 2.0授权端点
I tried OAuth2.0 with the auth code flow before trying this basic auth, but couldnt get it to work (possibly overkill?) because we want to be able to give users a token and allow them to immediately begin making calls without having to redirect to a browser, etc. Our users will mostly be using desktop applications... 在尝试此基本auth之前,我尝试使用auth代码流进行OAuth2.0,但是无法使其正常工作(可能会造成过大杀伤力),因为我们希望能够为用户提供令牌并允许他们立即开始拨打电话而无需重定向浏览器等。我们的用户将主要使用桌面应用程序...
1 个解决方案
解决方案1
1 2014-09-06 00:07:10
Azure AD comes with a number of client libraries that make it easy to get a token and use it in web API calls. Azure AD附带了许多客户端库,这些客户端库使获取令牌并将其轻松用于Web API调用变得容易。 If the dev stack you are targeting is covered (eg .NET desktop, android, iOS, windows store, winphone...), you are in a great spot: just download a sample that approximate your scenario (native client) from https://github.com/AzureADSamples/ , and you'll be on your way. 如果涵盖了您要定位的开发人员堆栈(例如.NET桌面,Android,iOS,Windows Store,Winphone ...),那么您将是一个不错的选择:只需从https下载与您的方案(本地客户端)近似的示例: //github.com/AzureADSamples/ ,您将一路顺风 。 If the technology you are using is NOT covered, things are a bit more complicated. 如果您使用的技术未涵盖在内,则情况会更加复杂。 One thing you can do is examining the source of any of the existing libraries (they are all OSS and available on github at https://github.com/AzureAD/ ) and reproduce it in your language/stack of choice. 您可以做的一件事是检查任何现有库的源代码(它们都是OSS,可在github上的https://github.com/AzureAD/获得 ),并以您选择的语言/堆栈重现。 Hope this helps! 希望这可以帮助! V. V.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.