我想通过第三方提供商来保护我的Azure WebApi(FB,G + ......我基本上只需要一封有效的电子邮件)。看着Auth0,看起来它会在web api项目中与Jwt中间件配对,但我想知道是否只能使用Azure来完成相同的工作。
Azure Web App身份验证让我感到困惑 - 它似乎没有给我的Asp.Net Web应用程序提供任何帮助。我仍然需要在Startup.cs中配置所有中间件,如果我完全关闭身份验证,应用程序仍然可以正常工作。
我可以做与Auth0相同的事情 - 基于来自FB或G +的访问令牌发布我自己的Jwt令牌 - 但是我想避免这种情况。
你能指点我正确的方向吗?
答案 0 :(得分:0)
You have a couple options:
The App Service Authentication does not require any code inside your application because your App Service has a gateway that inspects request for authorization. Depending on the setting you can either secure the entire site or secure individual resources (by using the baseScript.delegate = baseScript
attribute on the endpoint in MVC/WebAPI).
With the latest release you can control authorization on a site by site basis including manually triggering the sign in by navigating the user to the [Authorize]. By defualt the token store is enabled so you can make a request to <yoursiteurl>/.auth/login/<provider> and get back information from the provider.
This is the default way authorization happens in the Single Page ASP.NET Template. The middleware authentication uses OAuth/OpenId to secure the resources. This option does it at the application layer instead of at the gateway. If you are using ASP.NET Identity (from the single page project template) the email from the persons log in will automatically be stored in the Users table. The tutorial in the link above gives lots of details on how to get it working.
Make sure you use the <yoursiteurl>/.auth/me attribute to trigger the Authorization in either case.
Hope that helps you get started in the right direction.