簡體   English   中英

HttpClient調用受Azure AD保護的網站

[英]HttpClient to call Azure AD-protected site

遵循一些Microsoft示例,我到了這一點:

ASP.NET Core設置:

app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    ClientId = Configuration["Authentication:AzureAD:ClientId"],
    Authority = Configuration["Authentication:AzureAd:Authority"],
    ResponseType = OpenIdConnectResponseType.IdToken,
    AutomaticAuthenticate = true,
    TokenValidationParameters = new TokenValidationParameters()
});

AuthorizationTest端點:

[HttpGet]
[Authorize]
public IActionResult Get()
{
    return Ok("SAMPLE TEXT - if you can read this then call it a day :)");
}

客戶:

try
{
   var result = await authContext.AcquireTokenAsync(WebApiResourceId, WebApiClientId, WebApiRedirectUri, new PlatformParameters(PromptBehavior.Auto));
   authorizedClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

   var authorizedMessage = await authorizedClient.GetAsync("/AuthorizationTest");
   var statusCode = authorizedMessage.StatusCode.ToString();
   var message = await authorizedMessage.Content.ReadAsStringAsync();
   webBrowser.NavigateToString(message);
 }

authorizedClient的初始化為:

private static HttpClientHandler handler = new HttpClientHandler
{
    AllowAutoRedirect = true,
    CookieContainer = new CookieContainer(),
    UseCookies = true
 };
 private static HttpClient authorizedClient = new HttpClient(handler, false) { BaseAddress = WebApiBaseUri };

我曾經只使用BaseAddress對其進行初始化,后來在So的答案后面添加了處理程序。

問題:
即使我從AAD正確獲得了令牌,來自WEB API端點的響應還是一個HTML(自動重定向之后),它是MS登錄頁面,錯誤為“ Your browser is set to block cookies.....

為了使HttpClient工作,我應該進行哪些更改? 還是可以將WebApi配置更改為不使用cookie? 對於后一種選擇,我找不到其他選擇。

如評論中所述,您需要使用Microsoft.AspNetCore.Authentication.JwtBearer包中的JWT承載令牌中間件。

Open ID Connect中間件旨在將用戶重定向到登錄頁面,而不用於認證訪問令牌。 可以在以下位置找到JWT承載令牌中間件的示例用法: https : //github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore/blob/master/TodoListService/Startup.cs

看一下這個線程: https : //github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/514-它顯示了您要實現的方案。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM