[英]Call Azure AD protected Azure Function from console app/PowerShell w/delegated permission
[英]HttpClient to call Azure AD-protected site
遵循一些Microsoft示例,我到了這一點:
ASP.NET Core設置:
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = Configuration["Authentication:AzureAD:ClientId"],
Authority = Configuration["Authentication:AzureAd:Authority"],
ResponseType = OpenIdConnectResponseType.IdToken,
AutomaticAuthenticate = true,
TokenValidationParameters = new TokenValidationParameters()
});
AuthorizationTest端點:
[HttpGet]
[Authorize]
public IActionResult Get()
{
return Ok("SAMPLE TEXT - if you can read this then call it a day :)");
}
客戶:
try
{
var result = await authContext.AcquireTokenAsync(WebApiResourceId, WebApiClientId, WebApiRedirectUri, new PlatformParameters(PromptBehavior.Auto));
authorizedClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
var authorizedMessage = await authorizedClient.GetAsync("/AuthorizationTest");
var statusCode = authorizedMessage.StatusCode.ToString();
var message = await authorizedMessage.Content.ReadAsStringAsync();
webBrowser.NavigateToString(message);
}
而authorizedClient
的初始化為:
private static HttpClientHandler handler = new HttpClientHandler
{
AllowAutoRedirect = true,
CookieContainer = new CookieContainer(),
UseCookies = true
};
private static HttpClient authorizedClient = new HttpClient(handler, false) { BaseAddress = WebApiBaseUri };
我曾經只使用BaseAddress對其進行初始化,后來在So的答案后面添加了處理程序。
問題:
即使我從AAD正確獲得了令牌,來自WEB API
端點的響應還是一個HTML(自動重定向之后),它是MS登錄頁面,錯誤為“ Your browser is set to block cookies.....
”
為了使HttpClient工作,我應該進行哪些更改? 還是可以將WebApi配置更改為不使用cookie? 對於后一種選擇,我找不到其他選擇。
如評論中所述,您需要使用Microsoft.AspNetCore.Authentication.JwtBearer
包中的JWT承載令牌中間件。
Open ID Connect中間件旨在將用戶重定向到登錄頁面,而不用於認證訪問令牌。 可以在以下位置找到JWT承載令牌中間件的示例用法: https : //github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore/blob/master/TodoListService/Startup.cs 。
看一下這個線程: https : //github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/514-它顯示了您要實現的方案。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.