使用OAuth2客户端凭据流保护Azure API管理中的后端服务
[英]Securing Back end services in Azure API Management using OAuth2 Client Credentials flow
问题描述
I have deployed a .NET Core Web API and provided access through Azure API Management. 
我已经部署了.NET Core Web API,并通过Azure API管理提供了访问。 I now wish to secure the back end using OAuth2 Client Credentials flow. 现在,我希望使用OAuth2客户端凭据流来保护后端。
I have added Azure AD Authentication as follows: 我添加了Azure AD身份验证,如下所示:
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options =>
{
Configuration.Bind("AzureAd", options);
});
I have created an App Registration and Client Secret in Azure AD and confirmed it is working by creating a token using the code below and calling the API. 我已经在Azure AD中创建了应用注册和客户端密钥,并通过使用下面的代码创建令牌并调用API来确认它正在运行。
var clientCred = new ClientCredential(clientId, clientSecret);
var result = await authContext.AcquireTokenAsync(resource, clientCred);
return result.AccessToken;
Is it possible to use this flow in Azure API Management? 是否可以在Azure API管理中使用此流程? I would like Azure API Management to handle acquiring the token and passing in the header. 我希望Azure API管理来处理获取令牌并传入标头。
The closest I have found is the following article but this seems to involve the consumer of the API passing headers which seems to defeat the point of the API Management subscription functionality 我发现的最接近的是下面的文章,但这似乎涉及API传递标头的使用者,这似乎使API Management订阅功能失去作用
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad https://docs.microsoft.com/zh-CN/azure/api-management/api-management-howto-protect-backend-with-aad
1 个解决方案
解决方案1
0 2019-04-26 17:41:41
At the moment the only way to do that at APIM side is to use send-request policy to do OAuth flow. 目前,在APIM端执行此操作的唯一方法是使用send-request策略执行OAuth流。 That will require you to give APIM client id and secret, but you could use named values to store those securely. 这将需要您提供APIM客户端ID和密码,但是您可以使用命名值来安全地存储它们。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.