无法在Swagger中进行身份验证
[英]Unable to Authenticate in Swagger
问题描述
Hi I have developed web application in .net core. 
嗨,我已经在.net core中开发了Web应用程序。 I registered two application in azure ad. 我在azure广告中注册了两个应用程序。 One for my web api and one for my swagger. 一种用于我的Web API,另一种用于我的招摇。 As per http://www.sharepointconfig.com/2018/08/configure-swagger-to-authenticate-against-azure-ad/ We need to add api access in swagger to communicate with web api. 根据http://www.sharepointconfig.com/2018/08/configure-swagger-to-authenticate-against-azure-ad/,我们需要在招摇中添加api访问权限才能与Web api进行通信。 But whenever I try to add permission in azure portal I dont see my web api app. 但是,每当我尝试在azure门户中添加权限时,我都看不到我的Web api应用程序。 I am not sure I do not see my web app to give api access. 我不确定我没有看到我的Web应用程序授予api访问权限。 Next Whenever I click on authorize in swagger I get error message The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Next每当我单击大笔授权时,我都会收到错误消息。客户端已请求访问未在客户端应用程序注册的所请求权限中列出的资源。 Below is error screen shot. 下面是错误的屏幕截图。
Below is code. 下面是代码。
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = "https://login.microsoftonline.com/8b95-448d-b259-98a44d112f7c/oauth2/authorize",
Scopes = new Dictionary<string, string>
{
{ "openid", "Sign In Permissions" },
{ "profile", "User Profile Permissions" } },
TokenUrl = "https://login.microsoftonline.com/98a44d112f7c/oauth2/token"
});
});
In configure, 在配置中,
app.UseSwaggerUI(c =>
{
c.OAuthClientId(Configuration["Swagger:ClientId"]);
c.OAuthClientSecret(Configuration["Swagger:ClientSecret"]);
c.OAuthRealm(Configuration["AzureAD:ClientId"]);
c.OAuthAppName("My API V1");
c.OAuthScopeSeparator(" ");
c.OAuthAdditionalQueryStringParams(new { resource = Configuration["AzureAD:ClientId"] });
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});
May I know how can I fix the above issue? 我可以知道如何解决以上问题吗? Can someone help me to find this issue? 有人可以帮我找到这个问题吗? Any help would be appreciated. 任何帮助,将不胜感激。 Thanks 谢谢
1 个解决方案
解决方案1
0 已采纳 2019-09-13 17:36:53
One thing that is different in one of my apps is that we define the additional query parameters with a dictionary: 与我的一个应用程序不同的一件事是,我们用字典定义了附加的查询参数:
options.OAuthAdditionalQueryStringParams(new Dictionary<string, string>
{
["resource"] = _configuration["SwaggerUi:ApiResourceUri"]
});
But that's probably not the reason for the issue. 但这可能不是问题的原因。 You need to find the Swagger app registration in Azure AD, identified by the client id you have in Configuration["Swagger:ClientId"] . 您需要在Azure AD中找到Swagger应用程序注册,该注册由您在Configuration["Swagger:ClientId"]的客户端ID标识。 There you need to go to API permissions, and add all of the delegated permissions defined by your API. 在那里,您需要转到API权限,并添加API定义的所有委托权限。
If you haven't defined any scopes, find the app registration for your API and open the Expose an API tab. 如果您尚未定义任何范围,请为您的API查找应用程序注册,然后打开“公开API”标签。 Guide for adding scopes: https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-app-registration#exposing-delegated-permissions-scopes 添加范围的指南: https : //docs.microsoft.com/zh-cn/azure/active-directory/develop/scenario-protected-web-api-app-registration#exposed-delegated-permissions-scopes
Also, technically you don't need to specify scopes, since you are using the v1 endpoint. 同样,从技术上讲,您不需要指定范围,因为您正在使用v1端点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.