0
如何配置OWIN以驗證使用node-adal從Azure AD收集到的accesstoken請求?如何使用node-adal和OWIN配置Azure AD OAuth2?
啓動以下類:
app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AllowedAudiences = new []
{
ConfigurationManager.AppSettings["ida:ClientId"] // AAD clientid from registered application
},
IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
{
new SymmetricKeyIssuerSecurityTokenProvider(
ConfigurationManager.AppSettings["ida:Issuer"], // https://sts.windows.net/<tenantid-guid>/ retrieved from AAD federationmetadata.xml
TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings["ida:ClientSecret"]) // AAD secret from registered application
)
}
});
從節點阿達爾以下令牌響應: implementation described here
{
tokenType: "Bearer",
expiresIn: 3599,
expiresOn: "2016-10-19T13:49:47.649Z",
resource: "spn:00000002-0000-0000-c000-000000000000",
accessToken: "removed for brevity",
refreshToken: "removed for brevity",
userId: "[email protected]",
isUserIdDisplayable: true,
familyName: "familyName",
givenName: "givenName",
identityProvider: "live.com",
oid: "oid-guid",
tenantId: "tenantid-guid"
}
的accesstoken
從上述節點阿達爾響應是使用
Authorization: Bearer accesstoken-here
使用的[Authorize]
屬性返回
{"message":"Authorization has been denied for this request."}
編輯展現給新老辦法的,舊作擔保終點 - 新的不
// this is new version (using clientsecret, aka AD web app)
var issuer = ConfigurationManager.AppSettings["ida:Issuer"];
var secret = TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings["ida:ClientSecret"]);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AuthenticationType = OAuthDefaults.AuthenticationType,
Provider = new OAuthBearerAuthenticationProvider(),
AccessTokenFormat = new JwtFormat(
new[] { ConfigurationManager.AppSettings["ida:ClientId"] },
new IIssuerSecurityTokenProvider[] { new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret) }
)
});
// this is old version (not using clientsecret, aka AD native app), this works but all my code is in the Angular Single Page app, I am trying to move the auth code into the node server to secure all access
app.UseWindowsAzureActiveDirectoryBearerAuthentication(new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = new[]
{
ConfigurationManager.AppSettings["ida:AudienceImplicit"],
ConfigurationManager.AppSettings["ida:AudienceDaemon"]
}
}
});
我的理解是,這種方法是爲隱式OAuth流程,我已經工作,但現在想要使用ID和祕密,而隱式OAuth不需要祕密。同樣,node-adal沒有支持隱式OAuth流的代碼。 – click2install
您選擇用來驗證令牌的中間件不應取決於令牌的需求。 – dstrockis
好的,所以我嘗試了您建議的方法,該方法以前也適用於隱式OAuth授權流程。我從解碼後的令牌中撤回了觀衆,它仍然顯示出401。我是否可以在不包含克隆源的情況下調試中間件的內部? – click2install