从Azure Web API获取未授权

时间:2017-02-14 13:00:02

标签: azure asp.net-web-api google-nativeclient

我使用Visual Studio 2015 Update 3 for Web API(没有自定义,裸骨)创建了一个基本项目,并按照here指令将其部署到Azure(免费帐户)。 然后我使用以下代码创建了一个Console客户端。

 public static async Task<bool> ReadValues()
    {
        try
        {
            // Authenticate the user and get a token from Azure AD
            //AuthenticationResult authResult = await AuthContext.AcquireTokenSilentAsync(Resource, ClientId);
            AuthenticationResult authResult = AuthContext.AcquireToken(Resource, ClientId, RedirectUri);

            // Create an HTTP client and add the token to the Authorization header
            HttpClient httpClient = new HttpClient();
            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
                //"Bearer" 
                authResult.AccessTokenType
                , authResult.AccessToken);

            // Call the Web API to get the values
            var requestUri = new Uri(WebApiUri, "api/values");
            Console.WriteLine("Reading values from '{0}'.", requestUri);
            HttpResponseMessage httpResponse = await httpClient.GetAsync(requestUri);
            Console.WriteLine("HTTP Status Code: '{0}'", httpResponse.StatusCode.ToString());
            //Console.WriteLine("HTTP Header: '{0}'", httpClient.DefaultRequestHeaders.Authorization.ToString());
            if (httpResponse.IsSuccessStatusCode)
            {
                //
                // Code to do something with the data returned goes here.
                //
                var s = await httpResponse.Content.ReadAsStringAsync();
                Console.WriteLine(s);
            }
            else
            {
                Console.ForegroundColor = ConsoleColor.Red;
                Console.WriteLine(httpResponse.ReasonPhrase);
            }
             return (httpResponse.IsSuccessStatusCode);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        return false;
    }

当我在调试时从Visual Studio本地运行WEB API时它工作正常,但是当我将它部署到Azure时,它返回Unauthorized。 我可能会问到很少见的事情:

  
      
  1. 我确实收到了有效的不记名令牌
    2.   
  2. 我已经在Azure AD中为WEB API和客户端
    3. 创建了App注册   
  3. 客户端和WEB API使用正确的重定向资源uri
    4.   
  4. 我用于登录的帐户与用于创建Azure帐户的帐户相同,并且在域/ AD / API中具有完全权限
    5.   

在API方面,这是整个startup.auth.cs 

using System.Configuration;
using System.IdentityModel.Tokens;
using Microsoft.Owin;
using Microsoft.Owin.Security.ActiveDirectory;
using Owin;
using WebApi;

[assembly: OwinStartup("default", typeof(Startup))]

namespace WebApi
{
    public partial class Startup
    {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            app.UseWindowsAzureActiveDirectoryBearerAuthentication(
                new WindowsAzureActiveDirectoryBearerAuthenticationOptions
                {
                    Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
                    TokenValidationParameters = new TokenValidationParameters {
                         ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
                    },
                });
        }
    }
}

我还应该检查什么?

  

其他参考资料

     

https://www.simple-talk.com/cloud/security-and-compliance/azure-active-directory-part-3-developing-native-client-applications/

1 个答案:

答案 0 :(得分:0)

感谢Juunas给我提供工作副本的帮助,我能够缩小原因。当我将调试器附加到Web API的Azure实例时,我能够看到Bad Audience的异常。在尝试回溯我的步骤时,我发现在从Visual Studio进行部署时,我在设置中选择了Enterprise Authentication,导致web.config以导致问题的方式进行更改。不选择该选项,我能够通过持票令牌访问API。

相关问题
最新问题