Azure API Management: How to authenticate with Microsoft Identity to backend?
We host a .net WebAPI webapp in Azure. The webapp uses Microsoft Identity/OAuth2 for authentication. For some tests, we authorized some users for the WebAPI. This works as expected.
Now we added Azure API Management as a front proxy for our WebAPI webapp. We added all endpoints but we're unable to enable the API Management to use the backend WebAPI, because it's unauthorized by nature. And we don't know how the API Management can access it, since it has no identity as we know that we could authorize.
How does this need to be done?
You can achieve this by enabling Managed Identity on APIM.
Then you can use this MI in a policy to inject a JWT on backend requests.
<authentication-managed-identity resource="resource" client-id="clientid of user-assigned identity" output-token-variable-name="token-variable" ignore-error="true|false"/>
https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies#ManagedIdentity
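As an added example (not part of the original answer), here is the policy from the answer placed in a complete APIM policy document. `api://BACKEND-APP-ID` is a placeholder for the backend WebAPI's App ID URI, and `msi-access-token` is an arbitrary variable name.

```xml
<!-- Added example. api://BACKEND-APP-ID is a placeholder, not a real value. -->
<policies>
    <inbound>
        <base />
        <!-- APIM obtains a token for the backend using its system-assigned
             managed identity and sends it as "Authorization: Bearer ..." on
             the backend request. ignore-error="false" makes the request fail
             when no token can be obtained, instead of being forwarded
             without credentials. -->
        <authentication-managed-identity resource="api://BACKEND-APP-ID" ignore-error="false" />

        <!-- Alternative: store the token in a variable and set the header
             explicitly. With output-token-variable-name the policy does not
             set the Authorization header itself.
        <authentication-managed-identity resource="api://BACKEND-APP-ID"
            output-token-variable-name="msi-access-token" ignore-error="false" />
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + (string)context.Variables["msi-access-token"])</value>
        </set-header>
        -->
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

For a user-assigned identity, add the `client-id` attribute shown in the answer's snippet. The backend still has to accept tokens issued to that identity for its own audience.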