Azure Mysql HTTP REST API。获取JSON Web令牌

时间:2018-06-07 17:57:23

标签: mysql rest api azure http

我正在尝试通过http rest api(https://docs.microsoft.com/en-us/rest/api/mysql/)连接到我的Azure Mysql但没有成功。问题是我无法从我的Web App获取JSON Web Token。情况:

Azure Web App ----- rest api ----> Azure MySql

我想我需要在活动目录中“注册”这个Mysql Server资源,但似乎我不能这样做。

我遵循了本教程(https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2),但我遇到了同样的问题:我无法在Azure Active Directory中注册MySql。

那么,我如何获得Mysql HTTP REST API的JSON Web令牌?

谢谢!

-------- MYSQL资源(不是MYSQL服务器)的AD PROPIETARY角色 - enter image description here ---------------- CODE --------------------------------- ------------- 

    //
// https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2/
//
public static class AzureActiveDirectory
{
    // the AD Authority used for login.  For example: https://login.microsoftonline.com/myadnamehere.onmicrosoft.com 
    public static string authority = "";
    // the Application ID of this app.  This is a guid you can get from the Advanced Settings of your Auth setup in the portal
    public static string clientId = "";
    // the key you generate in Azure Active Directory for this application
    public static string clientSecret = "";
    // the Application ID of the app you are going to call.This is a guid you can get from the Advanced Settings of your Auth setup for the targetapp in the portal
    public static string resource = "";


    static public async Task<AuthenticationResult> GetS2SAccessTokenForProdMSAAsync()
    {
        var task =  await GetS2SAccessToken(authority, resource, clientId, clientSecret);
        return task;
    }

    static async Task<AuthenticationResult> GetS2SAccessToken(string authority, string resource, string clientId, string clientSecret)
    {
        var clientCredential = new ClientCredential(clientId, clientSecret); 
        AuthenticationContext context = new AuthenticationContext(authority, false); 
        AuthenticationResult authenticationResult = await context.AcquireTokenAsync(
            resource,  // the resource (app) we are going to access with the token
            clientCredential);  // the client credentials
        return authenticationResult; 
    }

}





  AzureActiveDirectory.authority = "https://login.microsoftonline.com/********/";
        AzureActiveDirectory.clientId = "********";                                             
        AzureActiveDirectory.clientSecret = "********";
        AzureActiveDirectory.resource = "https://management.azure.com/";

        try
        {


            AuthenticationResult token = await AzureActiveDirectory.GetS2SAccessTokenForProdMSAAsync();

            HttpClient client = new HttpClient();
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", "Bearer " + token.AccessToken);
            var resp = await client.GetAsync("https://management.azure.com/subscriptions/*******/resourceGroups/MYSQL/providers/Microsoft.DBforMySQL/servers/shoplister/firewallRules?api-version=2017-12-01");

            Console.WriteLine(resp.StatusCode.ToString());
            Console.WriteLine();

        }
        catch (Exception e) { Console.WriteLine(e); }

---------------现在改变之后获得未经授权------------

enter image description here

1 个答案:

答案 0 :(得分:0)

我正在通过导致解决方案的评论中的讨论中编写重点:

  • 获取访问令牌时使用resource作为https://login.microsoftonline.com/tenant-id-here/标识符
  • 使用new AuthenticationHeaderValue("Bearer", token.AccessToken)作为权限(您也可以使用经过验证的域名而不是ID)。这定义了您针对哪个AAD租户进行身份验证
  • 访问令牌必须在C#中附加Authorization: Bearer tokengoeshere,以便生成的标头为{{1}}
  • 最后确保您已授予正确应用的权限。可以有名称相同或相似的应用程序。
相关问题
最新问题