How to authenticate webapp using token
I am trying to create a webtest which will authenticate to a website using a token and load a webpage.
Since the webtest will run without any manual interaction, I cannot sign in. So I am trying to authenticate using a token.
But since the website uses Active Directory, it uses UseOpenIdConnectAuthentication and UseCookieAuthentication for authentication when accessed via browser.
Is there a way to create a webtest like this?
I am trying to create a webtest which will authenticate to a website using a token and load a webpage.
But since the website uses Active Directory, it uses UseOpenIdConnectAuthentication and UseCookieAuthentication for authentication when accessed via browser.
According to your description, I assumed that you may leverage the packages Microsoft.Owin.Security.OpenIdConnect and Microsoft.Owin.Security.Cookies to protect your application with OpenId Connect and Azure AD.
Assuming that your website is hosted by Azure web app, I assume that you could leverage the Authentication and authorization in Azure App Service and configure Authenticate with Azure AD instead of using the middleware manually in your code. But you could check the current environment in your code and use the middleware for authenticating locally.
In order to get the authenticated token from the Azure web app, you could access the following URL via the browser to log in:
https://{your-app-name}.azurewebsites.net/.auth/login/aad
After logging in, you would be redirected to a URL as follows:
https://{your-app-name}.azurewebsites.net/.auth/login/done#token={token}
You could URL-decode the above token and retrieve the authenticationToken as the authenticated token to access your Azure web app as follows:
https://{your-app-name}.azurewebsites.net/xxx/xxx
Header: x-zumo-auth:{authenticationToken}
Note: The authenticationToken would expire after an hour.
Moreover, for Azure Active Directory you could also include the id_token or access_token directly in the Authorization header as a bearer token as follows:
https://{your-app-name}.azurewebsites.net/xxx/xxx
Header: Authorization:Bearer {id_token or access_token}
Note: In order to retrieve the id_token or access_token after logging in, you could access the following URL via the browser:
https://{your-app-name}.azurewebsites.net/.auth/me
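Added example (not part of the original answer): a Python helper for the webtest that pulls authenticationToken out of the /.auth/login/done redirect URL and builds the request header, refusing a token that is past its expiry. It assumes the URL-decoded token value is a JSON object with an authenticationToken field and that the tokens are JWTs carrying an exp claim; the function names and the sample URL are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import quote, unquote, urlsplit

def token_from_redirect(url):
    """Return authenticationToken from a /.auth/login/done#token=... URL."""
    fragment = urlsplit(url).fragment
    if not fragment.startswith("token="):
        raise ValueError("redirect URL carries no token fragment")
    # Assumption: the URL-decoded value is JSON with an authenticationToken field.
    return json.loads(unquote(fragment[len("token="):]))["authenticationToken"]

def jwt_expiry(token):
    """Read the exp claim. The signature is NOT verified here; the server
    does that. This only lets the test fail early on a stale token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(body))["exp"]

def auth_headers(token, scheme="zumo", now=None, skew=60):
    """scheme='zumo' -> x-zumo-auth (authenticationToken);
    scheme='bearer' -> Authorization: Bearer (id_token or access_token)."""
    now = time.time() if now is None else now
    if jwt_expiry(token) - skew <= now:
        raise RuntimeError("token expired or about to expire; sign in again")
    if scheme == "zumo":
        return {"x-zumo-auth": token}
    return {"Authorization": "Bearer " + token}

def sample_redirect(exp):
    """Constructed sample: an unsigned placeholder token in a redirect URL."""
    def b64(obj):
        raw = base64.urlsafe_b64encode(json.dumps(obj).encode())
        return raw.rstrip(b"=").decode()
    tok = b64({"alg": "none"}) + "." + b64({"exp": exp}) + ".sig"
    blob = json.dumps({"authenticationToken": tok,
                       "user": {"userId": "sid:constructed"}})
    return ("https://your-app-name.azurewebsites.net/.auth/login/done#token="
            + quote(blob, safe=""))

if __name__ == "__main__":
    url = sample_redirect(int(time.time()) + 3600)
    print(sorted(auth_headers(token_from_redirect(url))))  # header names only
```

Pass the returned dictionary as the request headers in the webtest, and keep the token itself out of test logs and source control.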