Web API (.NET Framework) Azure AD Authentication always returns 401 Unauthorized
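My scenario is that I have to deploy a Web API (.NET Framework) in an Azure Web App, and all requests should go through Azure AD authentication. I googled and found a similar case provided by Microsoft. I followed the sample below provided by Microsoft, and when I tested this code on my machine it worked fine.

In my case, I am able to generate an OAuth2 token, but the problem is that I always get a 401 Unauthorized error. I followed many blogs but could not figure out what is causing the problem. Any help is greatly appreciated.

Here is my code: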
Startup.cs

```csharp
public partial class Startup
{
    // OWIN entry point: wires up authentication for the whole pipeline.
    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }
}
```
Startup.Auth.cs

```csharp
public partial class Startup
{
    // Registers Azure AD bearer-token validation; tenant and audience come from appSettings.
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
                TokenValidationParameters = new TokenValidationParameters { ValidAudience = ConfigurationManager.AppSettings["ida:Audience"] }
            });
    }
}
```
Controller.cs

```csharp
[Authorize]
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class AuthController : ApiController
{
    [HttpGet]
    public HttpResponseMessage Get()
    {
        try
        {
            using (sqldbEntities entities = new sqldbEntities())
            {
                return Request.CreateResponse(HttpStatusCode.OK, (ConfigurationManager.AppSettings["GetMethod"]));
            }
        }
        catch (Exception ex)
        {
            Log4net.log.Error(string.Format(ConfigurationManager.AppSettings["ErrorGetData"], ex.Message));
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
        }
    }
}
```
I generate the token in two ways:

Method 1) From another ASP.NET application

```csharp
private static AuthenticationContext authContext = null;
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
private static string todoListResourceId = ConfigurationManager.AppSettings["todo:TodoListResourceId"];

// Prompts the user to sign in and shows the resulting access token.
protected async void Button1_Click(object sender, EventArgs e)
{
    authContext = new AuthenticationContext(authority);
    AuthenticationResult result = null;
    result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, redirectUri, new PlatformParameters(PromptBehavior.Always));
    TextBox1.Text = result.AccessToken;
}
```
Method 2) From Postman

URL: https://login.microsoftonline.com/myad.onmicrosoft.com/oauth2/token

Method: POST

Body:

```
grant_type=authorization_code&client_id=89479d4f-AAAA-4ebf-80f2-13e423431bfb&client_secret=hZ_8Ls1EmFarH_lPn4=AAAA-k8TJ_&redirect_uri=https://NAClient-OBO/&code=AQABAAIAAABeAFzDwllzTYGDLh_qYbH8KZRKktzMuxXp0hM6k1B__lWQrxaikd6wwrYrKZ470UAdr4g1GqAPWja6JgpqsDtLefE23vW80qP7xgVodury28LkGLzL1Mbq0auUeiBaaaa-oCZf11o5EsaSVRVlke6FMkbIn_ppA_GsEBhIAEjxHXXjkrIcp-e4g0G5t9prme4IZ0Sg2_L4MvN6TAyr-nEPGDlnWZLBkRvu8Izsm3RiI_cnneCi1xonZaKBSlsgONIwpgN1bOaz16OVW2uu5lTiz206CSrJtzWeKkitPNUx2Gnn-RnZcCUVDyLxK-eJy8o_ggn_iu7F7kdjKj-b70Gfp5BPYx6fxB4Zyw8tpnWzVkLG7IbLGx9di112u-UGgVSBfWQiO5w3a4Mx2KdDcUihMlVW_mgBUdQi4160AKq1Id9ZcpJEKCT11KWwkO25_q7huCxJ_6-mEU4ADCGjj8hDOtRLGNeZMwhB13rYTN7qGQMmpX491RoldCfpfevva16DhQl5VHbIqspknkK1pFHvh90J47DSg0VihQOIQp1FZ7EgAA&resource=89479d4f-aaaa-4ebf-80f2-13e423431bfb
```
Please help.
According to my test, we can use the following steps to implement it.

1. Configure Azure AD for the Web API. For more details, please refer to the document.

   a. Create an Azure AD Web API application

   b. Expose an API

2. Configure code

   Web API

   a. Startup.cs

```csharp
public void ConfigureAuth(IAppBuilder app)
{
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = "<your tenant id>",
            TokenValidationParameters = new TokenValidationParameters
            {
                // Accept tokens issued for either form of the API's identifier.
                ValidAudiences = new[] { "your web api application app id url", "your web api application app id" }
            },
        });
}
```

   b. Controller

```csharp
[Authorize]
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class ValuesController : ApiController
{
    // GET api/values
    public IEnumerable<string> Get()
    {
        return new string[] { "value1", "value2" };
    }
}
```

```csharp
var authority = "https://login.microsoftonline.com/<your tenant id>";
AuthenticationContext authContext = new AuthenticationContext(authority);
var uri = "< your redirect url>";
var clientId = "< your client application app id>";
var resource = "<your web api application app id url or your web api application app id>";

// Acquire a token for the Web API, then call it with the token as a bearer credential.
var result = authContext.AcquireTokenAsync(resource, clientId, new Uri(uri), new PlatformParameters(PromptBehavior.Always)).Result;
using (HttpClient httpClient = new HttpClient())
{
    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    var response = httpClient.GetAsync("https://localhost:44345/api/values").Result;
    Console.WriteLine(response.StatusCode);
    Console.WriteLine(response.Content.ReadAsStringAsync().Result);
}
```
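To check which claim makes the bearer middleware answer 401, the token's `aud`, `tid` and `exp` can be compared with what the API is configured to accept. This is an added example, not code from the question or the answer: it assumes the System.IdentityModel.Tokens.Jwt NuGet package, and the class name `TokenTriage`, the GUIDs and the `contoso.example` URI are constructed placeholders. It inspects claims only and does not verify the signature.

```csharp
// Added example: explains a 401 by comparing token claims with the API's settings.
// Requires the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Text;

static class TokenTriage
{
    // Lists reasons the token would be rejected; an empty list means the claims look fine.
    // Assumption: tenantId is the tenant GUID, because the "tid" claim carries the GUID.
    public static List<string> Explain(string accessToken, string[] validAudiences,
                                       string tenantId, DateTime utcNow)
    {
        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(accessToken); // parse only
        var problems = new List<string>();

        if (!jwt.Audiences.Any(a => validAudiences.Contains(a, StringComparer.Ordinal)))
            problems.Add("aud '" + string.Join(",", jwt.Audiences) + "' is not in ValidAudience(s)");

        var tid = jwt.Claims.FirstOrDefault(c => c.Type == "tid")?.Value;
        if (!string.Equals(tid, tenantId, StringComparison.OrdinalIgnoreCase))
            problems.Add("tid '" + tid + "' does not match the configured tenant");

        if (jwt.ValidTo < utcNow)
            problems.Add("token expired at " + jwt.ValidTo.ToString("u"));

        return problems;
    }

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample token: placeholder claims and a dummy signature segment.
        string appId = "11111111-1111-1111-1111-111111111111";
        string tenant = "22222222-2222-2222-2222-222222222222";
        string payload = "{\"aud\":\"" + appId + "\",\"tid\":\"" + tenant + "\",\"exp\":4102444800}";
        string token = B64Url("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + B64Url(payload) + ".c2ln";

        // API accepts only the App ID URI, but the token was issued for the app id GUID.
        foreach (var p in Explain(token, new[] { "https://contoso.example/my-api" }, tenant, DateTime.UtcNow))
            Console.WriteLine("401 cause: " + p);
        // With both identifier forms listed, as in the answer's ValidAudiences, nothing is reported.
        Console.WriteLine(Explain(token, new[] { "https://contoso.example/my-api", appId }, tenant, DateTime.UtcNow).Count);
    }
}
```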