此请求的授权已被拒绝 - 桌面到 ASP.NET Web API
[英]Authorization has been denied for this request - Desktop to ASP.NET Web API
问题描述
I have been banging my head against a wall for some time now.
一段时间以来,我一直在用头撞墙。 Desktop WPF app calling a ASP.NET Web API.桌面 WPF 应用程序调用 ASP.NET Web ZDB974238714CA8DE634A7CE1D083A14 I am using the [AUTHORIZE] annotation on the ASP.NET app.我在 ASP.NET 应用程序上使用[AUTHORIZE]注释。 This is where the problems have started.这就是问题开始的地方。 Using MSAL from the WPF app.使用 WPF 应用程序中的 MSAL。
static App()
{
_clientApp = PublicClientApplicationBuilder.Create(ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
.WithDefaultRedirectUri()
.Build();
}
ClientId refers to the app registration of the desktop app in Azure. ClientId是指桌面应用在Azure中的应用注册。
string[] scopes = new string[] { "api://****-f56f-4cec-a771-dbdb5d43f047/access_as_user" };
var accounts = await App.PublicClientApp.GetAccountsAsync();
AuthenticationResult authResult;
try
{
authResult = await App.PublicClientApp
.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
.ExecuteAsync();
}
catch (Exception)
{
authResult = await App.PublicClientApp
.AcquireTokenInteractive(scopes)
.ExecuteAsync();
}
App registration for the web api is also there. web api 的应用程序注册也在那里。 I have set up the scope via 'Expose an API' and given delegated permission to the desktop app to call into the web api.我已经通过“公开 API”设置了 scope,并授予桌面应用程序调用 web api 的权限。
When I call in I get当我打电话时,我得到
StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers
I can call a non AUTHORIZE endpoint no problem, so the api is working fine.我可以调用非 AUTHORIZE 端点没问题,所以 api 工作正常。 I have endlessly been through the MSAL documentation.我无休止地浏览了 MSAL 文档。
Things I am unsure about.我不确定的事情。 AppRoles in the manifest.清单中的 AppRoles。 Do they need to be authorised anywhere apart from adding to the manifest?除了添加到清单之外,他们是否需要在任何地方获得授权? Do I leave App Service (Web api) as 'Anonymous access is enabled on the App Service app.我是否将应用服务 (Web api) 保留为“在应用服务应用上启用了匿名访问”。 Users will not be prompted for login.'不会提示用户登录。 Is MSAL taking care of that. MSAL 是否会处理这些问题。 I am assuming you can either use MSAL code or secure the api via AD (Authenication/Authorization)我假设您可以使用 MSAL 代码或通过 AD 保护 api(身份验证/授权)
I have dug myself in a hole and can see out right now, so excuse me a little.我已经把自己挖了一个洞,现在可以看到外面,所以请原谅我。 Thanks谢谢
1 个解决方案
解决方案1
1 2020-05-26 16:23:24
please take a look at: https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad#-configure-with-advanced-settings请看一下: https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad#-configure-with-advanced-settings
at the top of that document there is a note saying:在该文件的顶部有一条说明:
Note
The express settings flow sets up an AAD V1 application registration. If you wish to use Azure Active Directory v2.0 (including MSAL), please follow the advanced configuration instructions.
basically means that you can't really use msal with the express setup.基本上意味着您不能真正将 msal 与快速设置一起使用。 but can with advanced.但可以用高级。
then the section under it describes what you need to do for a desktop app in terms of adding api permissions to your app service.然后它下面的部分描述了在将 api 权限添加到您的应用程序服务方面您需要为桌面应用程序执行的操作。
Hopefully this puts you a bit on the right track, if not please comment further and i will try to help as much as possible.希望这能让你走上正轨,如果没有,请进一步评论,我会尽力提供帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.