我在Azure中的Web應用程序中獲取我的API應用程序調用工作時遇到問題。這是事物的結構如何 -在Azure中調用web api時無法使用令牌令牌
- Asp.Net 1.1核心Web應用程序通過Azure的AD認證保護 - 利用紅隼 的web應用程序的
StartUp.cs本地運行有以下代碼用於獲取令牌到Web API
app.UseCookieAuthentication();
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
ClientId = ClientId, //Client Id of my current web app
ClientSecret = ClientSecret, //ClientSecret of my current web app
Authority = "https://login.microsoftonline.com/tenantguid", CallbackPath = Configuration[Constants.ApplicationProxyCallbackPath],
ResponseType = OpenIdConnectResponseType.CodeIdToken,
Events = new OpenIdConnectEvents
{
OnAuthorizationCodeReceived = OnAuthorizationCodeReceived,
OnRemoteFailure = OnAuthenticationFailed
}
});
對於OnAuthorizationCodeReceived方法,這是我的代碼
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
string userObjectId = (context.Ticket.Principal.FindFirst(Constants.ClaimsSchemaUri))?.Value;
ClientCredential clientCred = new ClientCredential(ClientId, ClientSecret);
AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectId, context.HttpContext.Session));
AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
context.ProtocolMessage.Code,
new Uri(context.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]),
clientCred,
WebAPIClientId);
}
使用上面的代碼,我可以成功獲取持票人令牌。
Controller類其中I做出的WebAPI
Task<string> results = null; string resultSet = String.Empty; AuthenticationResult authResult = null; string userObjectID = (currentUser.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value; AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID, current.Session)); ClientCredential credential = new ClientCredential(Startup.ClientId, Startup.ClientSecret); authResult = await authContext.AcquireTokenSilentAsync(Startup.SearchAPIClientId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId)); //var callerIdentity = currentUser.Identity as WindowsIdentity; HttpClientHandler handler = null; //Setup async action Action action =() => { handler = new HttpClientHandler() { AllowAutoRedirect = true }; //Setup for windows authentication var client = new HttpClient(handler); //Add common http headers client.DefaultRequestHeaders.Add("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"); client.DefaultRequestHeaders.Add("Accept-Encoding", "gzip, deflate"); client.DefaultRequestHeaders.Add("Accept-Language", "en-US,en;q=0.8"); client.DefaultRequestHeaders.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36"); client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); results = client.GetStringAsync("https://myapi.azurewebsites.net/api/search/"); }; action.Invoke(); resultSet = await results as string;
- 在Web API與使用天青身份驗證OpenIdConnect包中的代碼,就好像Web應用程序代碼以上保護。
的呼叫的呼叫到所述API被重新定向到login.microsftonline.com這意味着我的令牌不被理解。
我看了幾個相關的帖子,但沒有任何工作正常。
更新1 - 更新的Web API使用JWTBearer認證 現在我在網絡應用程序中獲取承載令牌是能夠成功地驗證了我對Web API。
我的Web API預計會調用另一個也受Azure AD身份驗證保護的自定義API。我正在尋找相同的令牌,但爲了啓動我在使用獲取令牌獲取附加自定義API時遇到問題。它拋出內部服務器500沒有消息。有什麼想法嗎?
更新2 - 詳細的錯誤 在試圖獲取第三API令牌,我得到以下異常 - 「AADSTS50105:應用程序源客戶端ID GUID'未分配給應用程序一個角色「目標客戶端id guid'。「
你是否能夠在給授權標頭賦予持有者令牌後從郵遞員訪問該API? – Venky
不,我不能。使用上面代碼中生成的令牌,我無法使用郵遞員進行呼叫。 –
你得到401或任何其他錯誤信息?如果令牌有效,那麼您應該可以通過郵遞員撥打電話。 – Venky