如何使用不记名令牌授权一个 Azure Active Directory 应用程序访问不同的 AAD 应用程序服务 Web API?
[英]How do I authorize one Azure Active Directory app to access a different AAD App Service Web API using a Bearer token?
问题描述
I've been searching for a couple days, and I can't seem to find a straightforward guide on how to set up Authorization (AuthZ) between an AAD App and my AAD Web API set up in App Service.
我已经搜索了几天,似乎找不到关于如何在应用服务中设置 AAD 应用程序和我的 AAD Web API 之间设置授权 (AuthZ) 的简单指南。 I've tried things like this official guide , but I can't seem to get calls with a Bearer token from the client app to work.我已经尝试过类似这个官方指南的东西,但我似乎无法从客户端应用程序中获得带有 Bearer 令牌的调用。
Has anyone done this successfully?有没有人成功做到这一点? Is there a step by step guide out there that could help?是否有分步指南可以提供帮助?
Please let me know if there are any questions!如果有任何问题,请告诉我!
1 个解决方案
解决方案1
2 已采纳 2020-04-03 06:09:10
To implement your requirements, you need to expose an api in your AAD Web API first.要实现您的要求,您需要首先在您的 AAD Web API 中公开一个 api。
Then go to your AAD App which used to request the token, add the permission to it.然后 go 到您用于请求令牌的 AAD 应用程序,为其添加权限。
Click "Grant admin consent for *" button.单击“授予管理员同意 *”按钮。
After that, we can request the access token successfully (below I provide a sample use password flow for your reference)之后,我们就可以成功请求访问令牌了(下面我提供了一个示例使用密码流程供您参考)
In your Web API app, you need to parse the access token and get the scope permission from the access token.在您的 Web API 应用程序中,您需要解析访问令牌并从访问令牌中获取 scope 权限。 And then determine whether the request has permission.然后判断请求是否有权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.