[英]Azure AD Multitenant WebApi Bearer Authorization Configuration
I'm currently working on an ASP.net MVC and Web API project with AAD single sign on. 我目前正在使用AAD单点登录进行ASP.net MVC和Web API项目。 The current problem I'm facing is that I don't know how to configure the authorization for the WebAPI.
我目前面临的问题是我不知道如何配置WebAPI的授权。 This is my current way I've tried but it doesn't work.
这是我目前尝试过的方法,但是不起作用。
public void ConfigureAuth(IAppBuilder app)
{
...
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = "common",
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = audience,
ValidateIssuer = false
} });
...}
And I fetch the access token trough postman token predefined token request and that works. 而且我通过邮递员令牌预定义的令牌请求获取访问令牌,并且该方法有效。
When I call the WebAPI (Header: Authorization -> Bearer )I got the following exception back: 当我调用WebAPI时(标题:授权->承载),我得到了以下异常:
{
"Message": "Authorization has been denied for this request."
}
Do I have to prepare the token request, the API header, or the configuration? 我是否需要准备令牌请求,API标头或配置?
BG, Tom BG,汤姆
Here is a sample about Building a multi-tenant web API secured by Azure AD . 这是有关构建由Azure AD保护的多租户Web API的示例。 You could download it and follow the steps it provided to configure it.
您可以下载它,并按照其提供的步骤进行配置。
The application uses the Active Directory Authentication Library (ADAL) to obtain a JWT access token through the OAuth 2.0 protocol. 该应用程序使用Active Directory身份验证库(ADAL)通过OAuth 2.0协议获取JWT访问令牌。 The access token is sent to the web API to authenticate the user.
访问令牌将发送到Web API以对用户进行身份验证。 The web API project demonstrates how to structure your services for being accessed by users coming from multiple Azure AD tenants.
Web API项目演示了如何构造服务以供来自多个Azure AD租户的用户访问。
As you want to login multiple tenants, you need to go to the app registered and click Manifest
option set availableToOtherTenants
to true
. 当您要登录多个租户时,需要转到已注册的应用程序,然后单击
Manifest
选项,将availableToOtherTenants
设置为true
。
For more details, you could refer to this article . 有关更多详细信息,请参阅本文 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.