我很努力通過Azure AD向Azure移動服務(.NET後端)進行身份驗證。
我一直在關注本教程:https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-active-directory-authentication/
Azure AD本身的身份驗證成功(result.Status == AuthenticationStatus.Success),但我在MobileService.LoginAsync上獲取HTTP 401。從UWP客戶端通過Azure移動服務進行身份驗證
移動服務天青AD應用程序配置
點登錄網址:https://contososervice.azurewebsites.net
客戶ID:c710fe9b-4dd2-406b-ae68-ea5825c2c103
應用ID URI:https://contososervice.azurewebsites.net
回覆URL:https://contososervice.azurewebsites.net/.auth/login/aad/callback
本機客戶端Azure AD應用配置
客戶端ID:d79fea3f-2357-4797-9be8-48d630f6e1a3
重定向的URI:
- https://contososervice.azurewebsites.net/.auth/login/done
- MS-應用:// S-1-15-2-4177921760-2458829842-3328621796-4043898254-238447652-453539330-2174227773
權限下放給ContosoService
天青移動服務的身份驗證配置:高級模式
客戶端ID:c710fe9b-4dd2-406b-ae68-ea5825c2c103
發行人網址:https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47
移動服務web.conf IG
<add key="ida:Tenant" value="contoso.onmicrosoft.com" /> <add key="ida:Audience" value="https://contososervice.azurewebsites.net" />
移動服務的身份驗證設置
public void ConfigureAuth(IAppBuilder app)
{
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
},
});
}
UWP客戶
string appIDUri = "https://contososervice.azurewebsites.net";
string clientID = "d79fea3f-2357-4797-9be8-48d630f6e1a3";
AuthenticationResult result = await _authContext.AcquireTokenAsync(
appIDUri,
clientID,
WebAuthenticationBroker.GetCurrentApplicationCallbackUri());
if (result.Status == AuthenticationStatus.Success)
{
IsUserAuthenticated = true;
UserData = result.UserInfo;
success = true;
JObject payload = new JObject();
payload.Add("access_token", result.AccessToken);
var user = await ServiceClient.ServiceClient.MobileService.LoginAsync(
MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory,
payload);
}