如何在同一應用程序中對MVC Web應用程序和Web API進行身份驗證/授權

Question

我們使用asp.net MVC框架開發了一個Web應用程序，該框架具有用於身份驗證/授權的Azure活動目錄。 現在的問題是，我們將在該Web應用程序中使用api。 為了對Web api進行身份驗證，我們可以使用與成功授權webapp Web應用程序時獲得的請求令牌相同的令牌。

謝謝，Tamilselvan S.

Answer 1

您可以為Web應用程序支持OWIN添加多個身份驗證中間件。 要同時支持cookie和承擔認證，您可以參考以下代碼：

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Audience = ConfigurationManager.AppSettings["ida:Audience"],
        Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
});

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {

        ClientId = clientId,
        Authority = Authority,
        Notifications = new OpenIdConnectAuthenticationNotifications()
        {
            RedirectToIdentityProvider = (context) =>
            {
                // This ensures that the address used for sign in and sign out is picked up dynamically from the request
                // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings
                // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand.
                string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
                context.ProtocolMessage.RedirectUri = appBaseUrl + "/";
                context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;

                return Task.FromResult(0);
            },

            AuthenticationFailed = (context) =>
            {
                // Suppress the exception if you don't want to see the error
                context.HandleResponse();

                return Task.FromResult(0);
            }

        },
        TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidateIssuer = false,
        }

    });