我一直在尝试在移动应用中为我的Web应用实施Azure Active Directory身份验证。 已按照此tutorial(已使用的替代方法)中所述配置移动应用。
我的Azure Active Directory应用设置:
登录网址:https://< mymobileappname> .azurewebsites.net /
应用ID URI:https://< mymobileappname> .azurewebsites.net /
回复网址:https://< mymobileappname> .azurewebsites.net / .auth / login / aad / callback
此外,我已将ClientID(b6da4c72-xxxx-xxxx-xxxx-e20d561b7906)和entityID(https:// sts.windows.net/e052874c-xxxx-xxxx-xxxx-afd774687ee8/)传递给移动应用验证设置Azure门户并将其打开。
在我的网络应用程序中,我做了如下:
public string GetAADToken()
{
string clientID = "b6da4c72-xxxx-xxxx-xxxx-e20d561b7906";
string authority = "https://login.windows.net/<mytenant>";
string resourceURI = "https://<mymobileappname>.azurewebsites.net/";
var appKey = <mysecretvalidkeytakenfromazureactivedirecoryapp>";
var authenticationContext= new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);
var clientCredential = new ClientCredential(clientID, appKey);
var authenticationResult = authenticationContext.AcquireToken(resourceURI, clientCredential);
return authenticationResult.AccessToken;
}
MobileServiceClient client = new MobileServiceClient("https://<mymobileappname>.azurewebsites.net/");
var token = new JObject();
token["access_token"] = GetAADToken();
var res = client.LoginAsync("aad", token).Result;
此代码将身份验证请求发送到我的移动应用
{Method: POST, RequestUri: 'https://<mymobileappname>/.auth/login/aad', Version: 1.1, Headers:
{
X-ZUMO-INSTALLATION-ID: 904579fa-xxxx-xxxx-xxxx-02efc7ba2937
Accept: application/json
User-Agent: ZUMO/2.0
User-Agent: (lang=Managed; os=Windows; os_version=6.2.0.9200; arch=Win32NT; version=2.0.31217.0)
X-ZUMO-VERSION: ZUMO/2.0 (lang=Managed; os=Windows; os_version=6.2.0.9200; arch=Win32NT; version=2.0.31217.0)
Content-Type: application/json; charset=utf-8
Content-Length: 1129
}}
在POST-body中发送带有AAD令牌的json。
同样的解决方案用于天蓝色移动服务并且工作正常,但对于移动应用服务,我总是得到:401'未经授权'。
我做错了什么?