[英].Net Core MSAL Authentication for Azure Function App Web API
I have a Azure Function App that is written in C# .net Core我有一个用 C# .net Core 编写的 Azure Function App
I use Microsoft.Identity.Client;
我使用Microsoft.Identity.Client;
library to do this authentication proccess.库来执行此身份验证过程。
In my Function App API, I make another call to Time Series Insights (TSI), so I must use the accessToken passed into the Function App to grab a new token for scope of TSI.在我的函数应用程序 API 中,我再次调用时序洞察 (TSI),因此我必须使用传递到函数应用程序的 accessToken 来获取 TSI 范围的新令牌。
There are two main flows that need to be working, but I can only get one version to work.有两个主要流程需要工作,但我只能让一个版本工作。
The working version is getting a token in PostMan and Authenticating to the API工作版本正在 PostMan 中获取令牌并对 API 进行身份验证
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithClientSecret(clientSecret)
.WithTenantId(tenantId)
.Build();
confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync();
The NOT working flow - where the User is signed into my website and calls the API from the website. NOT工作流程 - 用户登录到我的网站并从网站调用 API。 Then I must use the然后我必须使用
UserAssertion userAssertion = new UserAssertion(accessToken);
confidentialClientApplication.AcquireTokenOnBehalfOf(scopes, userAssertion).ExecuteAsync();
The AcquireTokenOnBehalfOf
works for me until the token is expired in the Cache. AcquireTokenOnBehalfOf
对我AcquireTokenOnBehalfOf
,直到令牌在缓存中过期。 I am using the Azure Token Store in the Function App Authentication.我在函数应用身份验证中使用 Azure 令牌存储。
The website gets a token similarly to PostMan, and then calls the Function App API.网站类似于PostMan,获取token,然后调用Function App API。 That much is working, but then the token is expired.这么多工作正常,但令牌已过期。 The documentation says that to use the token store a silent request can be used to refresh the token ( AcquireTokenSilent
) - but that does not make sense to me since I do not have an IAccount
to use for confidentialClientApplication.AcquireTokenSilent(scopes, acount)
文档说要使用令牌存储,可以使用静默请求来刷新令牌( AcquireTokenSilent
) - 但这对我来说没有意义,因为我没有IAccount
用于IAccount
confidentialClientApplication.AcquireTokenSilent(scopes, acount)
What is the correct way or a better way to have both options available for authenticating while using the built-in Function App Token Store in Azure Portal?在 Azure 门户中使用内置 Function App Token Store 时,让这两个选项都可用于身份验证的正确方法或更好的方法是什么?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.