Question

在我的方案中，我有一个Windows UWP客户端应用程序，用于验证用户并使用OAuth 2.0访问令牌和Azure AD v2.0端点访问受保护的Web API服务。 Web API使用ASP.NET Core 2.0构建。我无法在Azure样本GitHub上找到具有确切配置的任何现有样本，因此我决定自己构建它。我能够对用户进行身份验证并访问Microsoft Graph以获取用户的配置文件，但是当我尝试访问Web API时，我收到了404 Not Found错误消息。相同Web API的不安全方法（没有[授权]修饰）可以正常工作。

Web API的My Startup.cs包含以下段：

        // Add Authentication scheme properties.
        services.AddAuthentication(options => {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        });


        string clientId = Configuration["AzureAd:ClientId"];
        string redirectUri = Configuration["AzureAd:RedirectUri"];
        string tenant = Configuration["AzureAd:Tenant"];

        string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture,
                        Configuration["AzureAd:AadInstance"], tenant);

        //OpenID Connect (OIDC) Authentication
        services.AddAuthentication(options => {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options => {
                options.ClientId = clientId;
                options.Authority = authority;
                options.SignedOutRedirectUri = redirectUri;
                options.ResponseType = OpenIdConnectResponseType.IdToken;
                options.Events = new OpenIdConnectEvents
                {
                    OnRemoteFailure = OnRemoteFailure,
                    OnTokenValidated = OnTokenValidated
                };
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = false
                };
            });

其中appsettings.json配置了从ClientID App Registration复制的apps.dev.microsoft.com，以及 Tenant = "common"。 RedirectUri points to https://localhost:44353/signin-oidc 和 AadInstance is set to: https://login.microsoftonline.com/{0}/oauth2/v2.0

然后，我的客户端UWP应用程序配置了相应的设置：

    private static string ClientId = "436b73b7-XXXXXXXXX";
    private const string tenant = "common";
    private static string authority = String.Format(System.Globalization.CultureInfo.InvariantCulture,
        "https://login.microsoftonline.com/{0}/oauth2/v2.0", tenant);

    public static PublicClientApplication PublicClientApp = new PublicClientApplication(ClientId, authority);

Microsoft Graph和自定义API的API端点配置如下：

    string _sppAPIEndpoint = "https://localhost:44357/api/AAD/secure";
    string _graphAPIEndpoint = "https://graph.microsoft.com/v1.0/me";

并且范围设置为访问身份验证：

    //Set the scope for API call to user.read
    string[] _scopes = new string[] { "user.read" };

所以，当我运行UWP应用程序时，我可以获得身份验证令牌和图表信息，但是，正如我在开头说的那样，当我执行以下命令时，我得到了404：

        var httpClient = new System.Net.Http.HttpClient();
        var request = new System.Net.Http.HttpRequestMessage(System.Net.Http.HttpMethod.Get, url);
        //Add the token in Authorization header
        request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token);
            HttpResponseMessage response = await httpClient.GetAsync(url);

对于令牌值，我试图同时使用AccessToken和IdpToken。

我做错了什么？任何提示和指示将不胜感激。