在受Azure AD B2C保护的Azure Function App的Postman中请求访问令牌
[英]Request Access Token in Postman for Azure Function App protected by Azure AD B2C
问题描述
I have an AspNetCore 2.0 MVC web API secured by an Azure Active Directory B2C tenant. 
我有一个由Azure Active Directory B2C租户保护的AspNetCore 2.0 MVC Web API。 I have been able to use Postman to test the API end points by following this SO posting: Request Access Token in Postman for Azure AD B2C (in particular, the Microsoft documented steps referenced in SpottedMahn's comments: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi#use-postman-to-get-a-token-and-test-the-api ) 我已经能够通过执行以下SO发布操作来使用Postman来测试API端点: Azure AD B2C中的Postman中的请求访问令牌 (特别是Microsoft已记录在SpottedMahn的注释中的步骤: https ://docs.microsoft.com / zh-CN / aspnet / core / security / authentication / azure-ad-b2c-webapi#use-postman来获取令牌并测试api )
Now, I am working on a serverless version of the above - the app is pretty much identical expect that the endpoints have been implemented by Azure functions in an Azure Functions App 现在,我正在开发上述版本的无服务器版本-该应用程序几乎相同,只是期望端点已由Azure Functions应用程序中的Azure函数实现
The Functions App has Authentication on, Log in with Azure Active Directory and the following settings: Functions应用已启用身份验证,使用Azure Active Directory登录并具有以下设置:
This is how i have set up the Application in the Azure B2C tenant: 这是我在Azure B2C租户中设置应用程序的方式:
If I access the functions endpoint via a browser, I get successfully routed to the Azure AD B2C login page and can log in, then see the results from the API endpoint. 如果我通过浏览器访问功能端点,则可以成功路由到Azure AD B2C登录页面并可以登录,然后从API端点查看结果。 So I'm pretty confident all is good wrt the Azure AD B2C <-> Function App configuration. 因此,我非常有信心,对于Azure AD B2C <-> Function App配置来说,一切都很好。
However, I can't use the Request Access Token technique linked above to get a token and inspect the endpoint in Postman 但是,我无法使用上面链接的“请求访问令牌”技术来获取令牌并检查Postman中的端点
If I take the token obtained after authentication (for example by using fiddler and observing the id_token being returned), and in Postman I choose Bearer authentication and supply that id_token, then Postman successfully hits my endpoint. 如果我采用身份验证后获得的令牌(例如,通过使用提琴手并观察返回的id_token),并且在Postman中,我选择Bearer身份验证并提供该id_token,则Postman成功命中了我的端点。 However, if I follow the steps in the linked document above, I do get the "login" popup and then do get a valid [looking] token, but when I click Use Token and run the request, I get 但是,如果我按照上面链接的文档中的步骤进行操作,则会收到“登录”弹出窗口,然后获得有效的[外观]令牌,但是当我单击“使用令牌”并运行请求时,我得到了
You do not have permission to view this directory or page.
I'd really like to be able to request an access token from postman just like I can with my aspnetcore 2.0 app (really just for the consistency so I don't have to remember lots of different techniques). 我真的很希望能够像使用aspnetcore 2.0应用程序一样向邮递员索取访问令牌(确实是为了保持一致性,因此我不必记住很多不同的技术)。 Is that possible for Azure Function Apps and if so, any clues what I'm doing wrong in the above? Azure Function应用程序是否可以实现?如果可以,那么上面我做错的任何线索是什么?
1 个解决方案
解决方案1
0 已采纳 2018-03-15 16:24:30
Ah I stumbled upon it. 啊,我偶然发现了它。 I fixed it by adding the Postman API client id (note: the postman API client id, not the postman App client id) [those references will make sense in the context of the Microsoft how-to linked above], under "ALLOWED TOKEN AUDIENCES" (visible in screenshot in question above). 我固定它通过将邮差API客户端ID(注:邮递员API客户端ID,而不是邮递员App客户端ID)的引用才有意义在微软的背景下如何对上面链接],“允许的TOKEN AUDIENCES下”(在上述问题的屏幕快照中可见)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.