访问 IIS 托管的 web 应用程序，该应用程序通过 PowerShell 使用 AzureAD 凭据以使用 API

Question

I have an IIS hosted blazor server .net core web app that uses AzureAd to login and my app has some functionality I want to expose to APIs and I am trying to run a PowerShell script that access' my web app to run the methods.

但是，我遇到了登录问题，似乎无法登录我的应用程序。

this is my web apps appsettings.json and currently works and logs in when accessing https://localhost:8080/ which connects to my Azure app registration for my app.

 "AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "mycompanyname.onmicrosoft.com",
"TenantId": "redacted",
"ClientId": "redacted",
"ClientSecret": "redacted",
"ClientCertificates": [
], 
"CallbackPath": "/signin-oidc"
 },

当尝试通过 PowerShell 连接时，我可以使用以下方法接收 access_token：

$tenantid = "<tenantid>"    
$clientId = "<clientid>"    
$ClientSecret = "<clientsecret>"

$Resource = "<resourceid>"

$RequestAccessTokenUri = "https://login.microsoftonline.com/$tenantid/oauth2/token"

$body = "grant_type=client_credentials&client_id=$clientId&client_secret=$ClientSecret&resource=$Resource"

$Token = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType 'application/x-www-form-urlencoded'

我的问题是，我似乎不知道如何使用此 access_token 传递到我的网站进行登录，除非我不完全了解 Microsoft 如何进行身份验证和授权。

我已经在这个问题上工作了几天，需要帮助。

任何帮助表示赞赏

Answer 1

要传递您的令牌，您需要构建一个授权 header 并将其传递给随后的调用。

# Build header from access token
$Headers = @{Headers = @{Authorization = "Bearer $($token.Access_token)" } }

# Splat Headers onto any calls that require you to be authenticated.
Invoke-RestMethod -Uri 'Https://YourApp.com/Something' -Method Get @Headers

附加说明：

如果尚未存在，您将需要授权 Powershell 客户端 ID 才能使用应用程序注册。

这可以在您的应用注册中完成。

• Go 暴露一个 API
• 添加 User_Impersonation scope
• 添加以下客户端应用程序：1950a258-227b-4e31-a9cf-717495945fc2