尝试使用承载令牌执行 API 调用时获取 401,承载令牌部署并受 Azure 广告身份验证保护
[英]Getting 401 while trying perform API call with bearer token which is deployed and protected with Azure Ad Authentication
问题描述
Im trying to create a runbook using powershell, while calling the api(Deployed in azure) using invoke webrequest,im passing the access token in headers and im not getting authenticated.
我尝试使用 powershell 创建运行手册,同时使用调用 webrequest 调用 api(部署在 azure 中),我在标头中传递访问令牌并且我没有获得身份验证。
$TenantId="xyxyxyx"
$MapUrl="https://graph.microsoft.com"
$Authority="https://login.microsoftonline.com/$TenantId"
$ClientSecret="secret"
$AuthContext=New-Object "Micorsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext -argumentlist $Authority
$ClientCredential=New-Object "Micorsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential -argumentlsit $ClientId,$ClientSecret
$ResultToken=$AuthContext.AcquireTokenAsync($MapUrl,$ClientCredential).Result
By Using the above steps i got the access token then im using the token in the request like this
Invoke-WebRequest -uri 'https://sssss/api/Get' -Headers @{"Authorization"="(Bearer $ResultToken.AccessToken)"}
I dont know what im missing can someone help me with this. Thanks in Advance
1 个解决方案
解决方案1
0 已采纳 2021-01-06 02:17:01
Your script obtains the access token for Microsoft Graph API, to call your custom API, you need to obtain the access token for the AD App which represents your API.您的脚本获取 Microsoft Graph API 的访问令牌,要调用您的自定义 API,您需要获取代表您的 API 的 AD 应用程序的访问令牌。
Navigate to the portal -> Azure Active Directory -> App registrations -> find the AD App which represents your API -> Expose an API -> get the Application ID URI (if you didn't set it, click Set to set it).导航到门户 -> Azure Active Directory -> App registrations -> 找到代表您的 API 的 AD 应用程序 -> Expose an API -> 如果没有Set它,请单击Application ID URI .
Then in your script, change the $MapUrl with it.然后在您的脚本中,用它更改$MapUrl 。
$MapUrl="Application ID URI"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.