[英]Authenticate to Azure API App using ADAL
I have an Azure API App marked as "Public (authenticated)" and set up an Azure Active Directory identity in the associated gateway as detailed in Protect an API App . 我有一个标记为“公共(经过身份验证)”的Azure API应用程序,并在关联网关中设置Azure Active Directory标识,如“ 保护API应用程序”中所述 。
I then created a native application in the same Azure Active Directory Tenant and added permission to access the Gateway in the delegated permissions. 然后,我在同一个Azure Active Directory租户中创建了一个本机应用程序,并添加了在委派权限中访问网关的权限。
Using ADAL and the following code, I'm able to successfully authenticate and get an access token, but I can't figure out how to use it to access my API app. 使用ADAL和以下代码,我能够成功验证并获取访问令牌,但我无法弄清楚如何使用它来访问我的API应用程序。
string Tenant = "[xxx].onmicrosoft.com";
string Authority = "https://login.microsoftonline.com/" + Tenant;
string GatewayLoginUrl = "https://[gateway].azurewebsites.net/login/aad";
string ClientId = "[native client id]";
Uri RedirectUri = new Uri("[native client redirect url]");
async Task<string> GetTokenAsync()
{
AuthenticationContext context = new AuthenticationContext(Authority);
PlatformParameters platformParams = new PlatformParameters(PromptBehavior.Auto, null);
AuthenticationResult result = await context.AcquireTokenAsync(GatewayLoginUrl, ClientId, RedirectUri, platformParams);
return result.AccessToken;
}
I've tested the API app manually entering an x-zumo-auth header
I get in Chrome and it works then, but not with a token I get using ADAL. 我已经测试了API应用程序手动输入我在Chrome中获得的
x-zumo-auth header
然后它可以正常工作,但是没有我使用ADAL的令牌。 I've also tried the browser forms described in their sample code which works but doesn't give me a refresh token. 我也尝试了他们的示例代码中描述的浏览器表单,但它没有给我一个刷新令牌。
How do I need to set up my authentication code so I can use a TokenCache
and ADAL with my API app? 如何设置我的身份验证代码,以便在我的API应用程序中使用
TokenCache
和ADAL?
Generally you pass the access token in the Authorization header when when calling a web api: 通常,在调用web api时,会在Authorization标头中传递访问令牌:
Authorization: Bearer ThisIsTheAccessTokenYouRecievedFromADAL 授权:Bearer ThisIsTheAccessTokenYouRecievedFromADAL
You may want to use AppServiceClient to authenticate the user and invoke a protected API App endpoint. 您可能希望使用AppServiceClient对用户进行身份验证并调用受保护的API App端点。 Install Microsoft.Azure.AppService SDK (-pre) Nuget package to your client project.
将Microsoft.Azure.AppService SDK(-pre)Nuget包安装到您的客户端项目。
You can find more details in the AzureCards samples on GitHub - https://github.com/Azure-Samples/API-Apps-DotNet-AzureCards-Sample 您可以在GitHub上的AzureCards示例中找到更多详细信息 - https://github.com/Azure-Samples/API-Apps-DotNet-AzureCards-Sample
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.