[英]Azure AD User info with JWT Bearer token and ASP.NET Core 2 WebApi
I found a tutorial where I can sign in to my application with Azure AD credentials. 我找到了一个教程 ,可以在其中使用Azure AD凭据登录我的应用程序。
In my frontend I'm using Xamarin.Forms . 在前端,我使用Xamarin.Forms 。 In my backend I'm using ASP.NET Core 2.0 WebApi .
在后端,我正在使用ASP.NET Core 2.0 WebApi 。
Backend: 后端:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseMvc();
}
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddAuthentication(o =>
{
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Authority = String.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAD:Tenant"]);
options.Audience = Configuration["AzureAd:Audience"];
});
}
It's pretty simple. 很简单
In my frontend I'm filling in my credentials and asking for a access_token. 在我的前端中,我填写我的凭据并要求一个access_token。
{
"token_type": "Bearer",
"scope": "user_impersonation",
"expires_in": "3600",
"ext_expires_in": "0",
"expires_on": "1507104075",
"not_before": "1507100175",
"resource": "my_resource",
"access_token": "my_access_token",
"refresh_token": "my_refresh_token"
}
The access_token i'm filling in the headers with Authorization set with bearer my_access_token
. 我用access_token填充标头,其中设置的授权是
bearer my_access_token
。
My Api know's all my information because it will automaticly set claims with the info from my access_token. 我的Api知道我的所有信息,因为它将自动使用我的access_token中的信息设置声明。 This info is provided by Azure AD.
此信息由Azure AD提供。 (fullname, firstname, lastname, ...)
(全名,名字,姓氏...)
But how can I get this information in my frontend? 但是,如何在前端获取此信息?
You might want to check out the active-directory-dotnet-native-desktop sample on GitHub. 您可能想查看GitHub上的active-directory-dotnet-native-desktop示例。
I shows how to use ADAL.NET in a desktop app, to get a token for a service. 我展示了如何在桌面应用程序中使用ADAL.NET来获取服务的令牌。 you will need to adapt it for your Xamarin forms client, but the principle is the same as far as authentication is concerned.
您将需要针对Xamarin Forms客户端对其进行调整,但是就身份验证而言,其原理是相同的。 Also it contains a service and you would replace it by your own service and get a token for your web API by changing the resource ID to be the one of your application created using the ASP.NET wizard (you'll find it in the Azure portal as described in the readme.md of the sample)
它还包含一个服务,您可以将其替换为自己的服务,并通过将资源ID更改为使用ASP.NET向导创建的应用程序之一来获取Web API的令牌(您可以在Azure中找到它门户网站,如示例的readme.md中所述)
the idea is that you first get a token using ADAL.Net line 92 of TodoListClient/MainWindow.xaml.cs 这个想法是,您首先使用TodoListClient / MainWindow.xaml.cs的 ADAL.Net 第92行获得令牌。
result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, redirectUri, ...)
and then you use it as a bearer token line 121 然后将其用作承载令牌行121
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
If all the info you required is include in the access token, you can just decode the access token on the client. 如果您所需的所有信息都包含在访问令牌中,则只需在客户端上解码访问令牌即可。 The access token is a JWT, it is easy to research code sample to decode the access token like following threads:
访问令牌是一个JWT,很容易研究代码示例以对访问令牌进行解码,例如以下线程:
How to decode JWT Token? 如何解码JWT令牌?
Decoding and verifying JWT token using System.IdentityModel.Tokens.Jwt 使用System.IdentityModel.Tokens.Jwt解码和验证JWT令牌
And if you also require more user info, you can refresh the access token for the Microsoft Graph, and call the me
endpoint of Microsoft Graph(refer here ). 并且,如果您还需要更多用户信息,则可以刷新Microsoft Graph的访问令牌,并调用Microsoft Graph的
me
端点(请参阅此处 )。 And below is the document about how to refresh the access token via refresh token: 以下是有关如何通过刷新令牌刷新访问令牌的文档:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.