如何使用令牌对Webapp进行身份验证
[英]How to authenticate webapp using token
问题描述
I am trying to create a webtest which will authenticate website using token and load webpage. 
我正在尝试创建一个Webtest,它将使用令牌对网站进行身份验证并加载网页。
Since webtest will run without any manual interaction, I cannot sign in. So I am trying to authenticate using token. 由于webtest将在无需任何手动交互的情况下运行,因此我无法登录。因此,我尝试使用令牌进行身份验证。
But since website using active directory it uses UseOpenIdConnectAuthentication and UseCookieAuthentication for authentication when accessed via browser. 但是由于网站使用活动目录,因此在通过浏览器访问时,它使用UseOpenIdConnectAuthentication和UseCookieAuthentication进行身份验证。
Is there a way to create a webtest like this? 有没有办法创建这样的网络测试?
1 个解决方案
解决方案1
1 2017-12-29 12:18:04
I am trying to create a webtest which will authenticate website using token and load webpage.
But since website using active directory it uses UseOpenIdConnectAuthentication and UseCookieAuthentication for authentication when accessed via browser.
According to your description, I assumed that you may leverage the package Microsoft.Owin.Security.OpenIdConnect and Microsoft.Owin.Security.Cookies to protect your application with OpenId Connect and Azure AD. 根据您的描述,我假设您可以利用包Microsoft.Owin.Security.OpenIdConnect和Microsoft.Owin.Security.Cookies使用OpenId Connect和Azure AD保护您的应用程序。
Assuming that your website is hosted by Azure web app, I assume that you could leverage the Authentication and authorization in Azure App Service and configure Authenticate with Azure AD instead of using the middle-ware manually in your code. 假设您的网站由Azure Web应用程序托管,我假设您可以利用Azure App Service中的身份验证和授权并使用Azure AD配置身份验证,而不是在代码中手动使用中间件。 But you could check the current environment in your code and use the middle-ware for authenticating locally. 但是您可以在代码中检查当前环境,并使用中间件在本地进行身份验证。
In order to get the authenticated token from azure web app, you could access the following url via the browser for logging: 为了从azure Web应用程序获取经过身份验证的令牌,您可以通过浏览器访问以下URL进行日志记录:
https://{your-app-name}.azurewebsites.net/.auth/login/aad
After logged, you would be redirected to the url as follows: 登录后,您将被重定向到URL,如下所示:
https://{your-app-name}.azurewebsites.net/.auth/login/done#token={token}
You could URL Decode the above token , retrieve the authenticationToken as the authenticated token to access your azure web app as follows: 您可以URL解码上述token ,检索authenticationToken验证令牌作为已身份验证的令牌,如下所示访问您的Azure Web应用程序:
https://{your-app-name}.azurewebsites.net/xxx/xxx
Header: x-zumo-auth:{authenticationToken}
Note: The authenticationToken would be expired after an hour. 注意: authenticationToken将在一个小时后过期。
Moreover, for Azure Active Directory you could also leverage the id_token or access_token be directly included in the Authorization header as a bearer token as follows: 此外,对于Azure Active Directory,您还可以利用id_token或access_token作为承载令牌直接包含在Authorization标头中,如下所示:
https://{your-app-name}.azurewebsites.net/xxx/xxx
Header: Authorization:Bearer {id_token or access_token}
Note: In order to retrieve the id_token or access_token after logged, you could access the following url via the browser: 注意:为了在登录后检索id_token或access_token ,您可以通过浏览器访问以下URL:
https://{your-app-name}.azurewebsites.net/.auth/me
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.