堆栈内存溢出
  简体   繁体   English

使用Azure AD对应用程序代理进行编程身份验证

[英]Programmatically authenticate with Azure AD for Application Proxy

 原文  2018-06-05 12:45:58       c#/ .net/ oauth/ azure-active-directory/ owin

问题描述

I have an on-premise hosted WCF service with REST endpoint which is configured for Anonymous authentication only in IIS. 我有一个带有REST端点的本地托管WCF服务,该端点仅在IIS中配置为进行匿名身份验证。 I installed and configured Azure App proxy connector on the server. 我在服务器上安装并配置了Azure App代理连接器。 I am able to contact the service fine with Pass-through authentication, but struggling to authenticate from a console app when Azure AD is chosen as security mechanism. 我可以通过传递身份验证很好地与服务联系,但是当选择Azure AD作为安全性机制时,很难从控制台应用程序进行身份验证。 I know I could have pass-through in Azure and turn on for example windows authentication in IIS, but this is unfortunately not an option in this case. 我知道我可以在Azure中进行传递并在IIS中打开例如Windows身份验证,但是不幸的是,在这种情况下,这不是一个选择。

Using a browser, I am able to access the application fine, don't even need to enter credentials, our on-premise AD is connected and synchronized with Azure AD. 使用浏览器,我可以很好地访问应用程序,甚至不需要输入凭据,我们的本地AD已连接并与Azure AD同步。

I followed this walk-through despite it is not regarding application proxy, and reusing parts of code I am able to get the Access Token for my application, but when I run the http request with Authorization header I don't get the result of service operation. 我跟着这个步行通过没有关于应用代理和重用的代码,我能够获得访问令牌我的应用程序部分,但是当我运行与Authorization头的HTTP请求我没有得到服务的结果,尽管它操作。

Using Fiddler I can note the following: 使用Fiddler,我可以注意以下几点:

  1. I get http 302 (Found). 我得到http 302(找到)。 I can see my Authorization header in request, and in response I get a cookie AzureAppProxyAnalyticCookie 我可以在请求中看到我的Authorization标头,作为响应,我得到一个cookie AzureAppProxyAnalyticCookie
  2. That is followed with http 200 to login.microsoftonline.com 其次是http 200来login.microsoftonline.com

Example I provided link for above works fine so it is clear that I am doing something wrong. 我为上述示例提供的链接示例运行正常,因此很明显我做错了。 Why is Authorization header not accepted and why am I being redirected to logon page? 为什么不接受授权标头,为什么将我重定向到登录页面?

Thanks in advance 提前致谢

1 个解决方案

解决方案1
 0 已采纳  2018-06-13 12:26:03

This is working for another service, have no idea what was wrong with the first one, but suspecting something with DNS on local server. 这正在为另一项服务工作,不知道第一个服务出了什么问题,但怀疑本地服务器上的DNS有问题。 Won't be spending more time on this, point is that I shouldn't have experienced the redirect at all, although browser handled it and managed to get me authenticated. 不会花更多的时间在此上,这是尽管浏览器已处理重定向并设法使我通过身份验证,但我根本不应该经历重定向。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用Azure代理AD和ADAL在SharePoint上进行身份验证? - How to Authenticate on SharePoint On Prem with Azure Proxy AD and ADAL? 使用 Azure AD 在 .net 核心应用程序 (Blazor) 中对用户进行身份验证 - Using Azure AD to authenticate users in a .net core application (Blazor) 如何验证 Azure AD 用户? - How to Authenticate Azure AD users? 未能验证 BlobServiceClient 和 Azure AD - Failing to authenticate BlobServiceClient and Azure AD 从公司代理后面使用.Net Core 3.00 使用 Azure AD 进行身份验证 - Authenticate with Azure AD using .Net Core 3.00 from behind Corporate Proxy 是否可以使用用户名和密码对图形 API 进行身份验证,而无需在 Azure AD 中注册应用程序 - Is there way to authenticate to Graph API using Username and Password without Application Registration in Azure AD 使用 x509 证书向 Azure AD 验证 Asp.net 4.7.2 应用程序 - Authenticate Asp.net 4.7.2 application to Azure AD using x509 certificate 使用OpenIdConnect和Azure AD对CORS请求进行身份验证 - Authenticate CORS request using OpenIdConnect and Azure AD 通过 Azure AD 应用程序代理从客户端发出的请求中缺少授权标头 - Authorization header is missing in request from client via Azure AD Application Proxy 通过Azure Functions对Azure AD中的用户进行身份验证(验证用户名和密码) - Authenticate User In Azure AD (validate username & password) via Azure Functions
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM