简体繁体 English

针对 Azure API 管理进行身份验证

[英]Authenticate Against Azure API Management

原文 2019-12-10 22:28:03 3 1 azure/ basic-authentication/ azure-api-management

I have an existing API Management service that I have enabled REST APIs with.我有一个已启用 REST API 的现有 API 管理服务。 The API management services comes by default with a developer portal where people can register to use our APIs.It looks something like this.默认情况下，API 管理服务带有一个开发人员门户，人们可以在其中注册使用我们的 API。它看起来像这样。

As you can see, you can register here but also sign in. This API management service by default uses basic authentication to move you forward.如您所见，您可以在此处注册，但也可以登录。默认情况下，此 API 管理服务使用基本身份验证来推动您前进。 After looking at the docs for API management service, I was not able to find anything that would help me replicate this so I can use APIs to make the same /register or /login calls.查看 API 管理服务的文档后，我找不到任何可以帮助我复制此内容的内容，因此我可以使用 API 进行相同的 /register 或 /login 调用。

My question is, how can I use my own Angular app to make API calls with a simple username/pw to allow user registration and login against API management service?我的问题是，如何使用我自己的 Angular 应用程序使用简单的用户名/密码进行 API 调用，以允许用户注册和登录 API 管理服务？

1 个解决方案

See here https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/user/createorupdate for an API call to create a new User in API Management.请参阅此处https://docs.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/user/createorupdate以获取在 API 管理中创建新用户的 API 调用。

There are two ways to address APIM management API. APIM 管理 API 有两种寻址方式。 The default and most commonly used way is through ARM ( https://management.azure.com ) this way you only will be able to use ARM auth and will go through usual RBAC checks before you're given access to any operation.默认和最常用的方式是通过 ARM ( https://management.azure.com ) 这样您只能使用 ARM 身份验证，并且在您获得任何操作的访问权限之前将通过常规的 RBAC 检查。

If you're aiming towards how dev portal itself uses APIM management API then you need to follow this guidance: https://docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-rest-api-authentication .如果您的目标是开发门户本身如何使用 APIM 管理 API，那么您需要遵循以下指南： https : //docs.microsoft.com/en-us/rest/api/apimanagement/apimanagementrest/azure-api-management-休息 API 身份验证。 On one thing this allows you to create SAS token and call management API directly (notice that hostname in base URL is different), but more interestingly, once this API is enabled it becomes possible to call it anonymously as well.一方面，这允许您直接创建 SAS 令牌和调用管理 API（注意基本 URL 中的主机名不同），但更有趣的是，一旦启用此 API，就可以匿名调用它。 Of course only data you expose to anonymous users through dev portal is available this way.当然，只有通过开发门户向匿名用户公开的数据才可用这种方式。

More interestingly though is that it opens possibility to make Basic auth calls to such management API.更有趣的是，它开启了对此类管理 API 进行基本身份验证调用的可能性。 Anonymous user could make call to any endpoint with Basic auth token based on user email and password and be authenticated this way.匿名用户可以使用基于用户电子邮件和密码的基本身份验证令牌调用任何端点，并通过这种方式进行身份验证。