Azure AD Parameter values
I am working on Azure AD authentication. I always get 401 even though my token is valid. Where can I get the value of Tenant and ValidAudience?
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant =
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                ValidAudience =
            }
        });
You can give the value of tenant and valid audience by modifying your startup method like below:
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            // Tenant (Directory) ID, read from web.config appSettings
            Tenant = ConfigurationManager.AppSettings["ida:TenantId"],
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                // Application ID URI, read from web.config appSettings
                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
            }
        });
The value of ida:TenantId will be your Azure AD tenant ID.
Make sure to add the keys below to the web.config file -> app settings before calling the startup method.
    <appSettings>
      <add key="ida:ClientId" value="[Enter the Application Id (also named ClientId) for the application]" />
      <add key="ida:TenantId" value="[Enter the tenant/Directory Id name]" />
      <add key="ida:Audience" value="[Enter App ID URI of your application]" />
    </appSettings>
You can find your Application (Client) ID and Tenant (Directory) ID from here:
Go to Azure Portal -> Azure AD -> App Registrations -> Your Application -> Overview
After registering the application in Azure AD, set Application ID URI by exposing the API like below:
The value of ida:Audience will be your Application ID URI that will be in the form of api://yourappid
Make sure to add required scopes to avoid 401 Error.
Reference:
GitHub - Azure-Samples/active-directory-dotnet-webapi-manual-jwt-validation
Azure Active Directory - Create Applications, Add Scopes And Add API Access (c-sharpcorner.com)
The usual WindowsAzureActiveDirectoryBearerAuthentication middleware uses a metadata endpoint which is not supported by the v2.0 endpoint. Instead, this OpenIdConnectSecurityTokenProvider implementation can be used to fetch & use the OpenIdConnect metadata document - which for the v2 endpoint is https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
    {
        AccessTokenFormat = new JwtFormat(
            new TokenValidationParameters
            {
                // Check if the audience is intended to be this application.
                // The second entry interpolates the clientId variable into the App ID URI form.
                ValidAudiences = new[] { clientId, $"api://{clientId}" },
                // Change below to 'true' if you want this Web API to accept tokens issued to one Azure AD tenant only (single-tenant)
                // Note that this is a simplification for the quickstart here. You should validate the issuer. For details,
                // see https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore
                ValidateIssuer = false,
            },
            new OpenIdConnectSecurityTokenProvider("https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration")
        ),
    });
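
A diagnostic sketch for the 401 discussed above, added here and not part of either answer: it decodes a token's payload without verifying the signature and compares the aud and tid claims with the ida:Audience and ida:TenantId settings from web.config. The GUIDs, the sample web.config and the unsigned token are constructed, the function names are hypothetical, and ida:TenantId is assumed to hold the directory GUID.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Constructed sample values; the GUIDs are placeholders, not real identifiers.
WEB_CONFIG = """<configuration><appSettings>
  <add key="ida:ClientId" value="11111111-1111-1111-1111-111111111111" />
  <add key="ida:TenantId" value="22222222-2222-2222-2222-222222222222" />
  <add key="ida:Audience" value="api://11111111-1111-1111-1111-111111111111" />
</appSettings></configuration>"""

def read_app_settings(xml_text):
    """Return the appSettings key/value pairs from web.config text."""
    root = ET.fromstring(xml_text)
    return {a.get("key"): a.get("value") for a in root.iter("add")}

def b64url(data):
    """Base64url-encode bytes without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return header + "." + b64url(json.dumps(claims).encode()) + "."

def decode_claims(token):
    """Decode the payload only. No signature check: for diagnosis, never for auth."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, settings):
    """Return the claims that disagree with the configured tenant and audience."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    client_id = settings.get("ida:ClientId")
    problems = []
    if settings["ida:Audience"] not in audiences:
        msg = "aud %r does not match ida:Audience %r" % (aud, settings["ida:Audience"])
        if client_id and client_id in audiences:
            msg += "; token carries ida:ClientId instead of the App ID URI"
        problems.append(msg)
    if claims.get("tid") != settings["ida:TenantId"]:
        problems.append("tid %r does not match ida:TenantId %r"
                        % (claims.get("tid"), settings["ida:TenantId"]))
    return problems

if __name__ == "__main__":
    cfg = read_app_settings(WEB_CONFIG)
    sample = make_sample_token({"aud": cfg["ida:ClientId"], "tid": cfg["ida:TenantId"]})
    print(diagnose(sample, cfg))
```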