如何在同一应用程序中对MVC Web应用程序和Web API进行身份验证/授权

Question

我们使用asp.net MVC框架开发了一个Web应用程序，该框架具有用于身份验证/授权的Azure活动目录。 现在的问题是，我们将在该Web应用程序中使用api。 为了对Web api进行身份验证，我们可以使用与成功授权webapp Web应用程序时获得的请求令牌相同的令牌。

谢谢，Tamilselvan S.

Answer 1

您可以为Web应用程序支持OWIN添加多个身份验证中间件。 要同时支持cookie和承担认证，您可以参考以下代码：

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = ConfigurationManager.AppSettings["ida:Audience"],
        Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
});

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {

        ClientId = clientId,
        Authority = Authority,
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            RedirectToIdentityProvider = (context) =>
            {
                // This ensures that the address used for sign in and sign out is picked up dynamically from the request
                // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
                // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
                string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;

                return Task.FromResult(0);
            },

            AuthenticationFailed = (context) =>
            {
                // Suppress the exception if you don't want to see the error
                context.HandleResponse();

                return Task.FromResult(0);
            }

        },
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuer = false,
        }

    });