简体   繁体   English

Azure Functions 中的 Azure AD 身份验证

[英]Azure AD Authentication in Azure Functions

I am a newbie to Azure AD and trying to enable Azure AD Authentication on the Azure Functions.我是 Azure AD 的新手,正在尝试在 Azure Functions 上启用 Azure AD 身份验证。 Below is the architecture.下面是架构。

There are 2 components:有2个组件:

  1. Front-end Web application (Nodejs + Express app)前端 Web 应用(Nodejs + Express 应用)
  2. Back-end APIs (Azure Functions using .NET core)后端 API(使用 .NET 核心的 Azure 函数)
  • AD authentication has been enabled on front-end application.已在前端应用程序上启用 AD 身份验证。 When the users sign in using their AD credentials, the app gets an access token, refresh token, and id token from Azure.当用户使用他们的 AD 凭据登录时,应用程序会从 Azure 获取访问令牌、刷新令牌和 ID 令牌。
  • AD authentication is enabled on the Azure Functions as well. Azure Functions 上也启用了 AD 身份验证。
  • id_token from the web app is passed as a Bearer token in the Auth header when we try to access the Azure Functions.当我们尝试访问 Azure Functions 时,来自 Web 应用程序的 id_token 作为 Auth 标头中的不记名令牌传递。

Reference: https://docs.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-linux参考: https : //docs.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-linux

Issue:问题:

  • When the Authentication/Authorization on the Azure Functions (via the Azure Portal) using the Express mode is enabled, I am unable to access or publish Azure functions.启用使用 Express 模式对 Azure Functions(通过 Azure 门户)进行身份验证/授权时,我无法访问或发布 Azure 函数。 If the EasyAuth is turned off, I am able to access the functions w/o any issues.如果 EasyAuth 关闭,我就可以在没有任何问题的情况下访问这些功能。

Kindly advice what I am missing here.请建议我在这里缺少什么。 Thanks in advance!提前致谢!

Below is the exception info from the LogStream:以下是来自 LogStream 的异常信息:

Unhandled exception in request pipeline: System.Net.WebException: The remote server returned an error: (400) Bad Request.
2020-11-11T01:28:38.421239842Z: [INFO]           at System.Net.HttpWebRequest.GetResponse()
2020-11-11T01:28:38.429941331Z: [INFO]           at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.Download(String url) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/OpenIdConnectConfiguration.cs:line 62
2020-11-11T01:28:38.437673222Z: [INFO]           at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.RefreshConfiguration() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/OpenIdConnectConfiguration.cs:line 163
2020-11-11T01:28:38.437688622Z: [INFO]           at Microsoft.Azure.AppService.Middleware.OpenIdConnectConfiguration.ConfigManager.GetCurrentConfiguration() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/OpenIdConnectConfiguration.cs:line 150
2020-11-11T01:28:38.437693322Z: [INFO]           at Microsoft.Azure.AppService.Middleware.AzureActiveDirectoryProvider.GetDefault() in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/IdentityProviders/AzureActiveDirectoryProvider.cs:line 808
2020-11-11T01:28:38.437697222Z: [INFO]           at Microsoft.Azure.AppService.Middleware.EasyAuthModule.AuthenticateAsync(HttpContextBase context)
2020-11-11T01:28:38.437712122Z: [INFO]           at Microsoft.Azure.AppService.Middleware.EasyAuthModule.OnAuthenticateRequestAsync(HttpContextBase context) in /EasyAuth/Microsoft.Azure.AppService.Middleware.Modules/EasyAuthModule.cs:line 243
2020-11-11T01:28:38.437716222Z: [INFO]           at Microsoft.Azure.AppService.MiddlewareShim.Startup.OnRequest(HttpContext context) in /EasyAuth/Middleware.Host/Startup.cs:line 124
  

If you are using EasyAuth to protect your Azure function, you should use the access_token to call it instead of id_token .如果你使用 EasyAuth 来保护你的 Azure 函数,你应该使用access_token而不是id_token来调用它。 Please let me know if you have any further questions.如果您有任何其他问题,请告诉我。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM