401 when calling an authorized WebApi endpoint

Time: 2016-11-03 16:58:51

Tags: angular asp.net-web-api owin azure-active-directory

I have an Angular 2 application in which I authenticate against Azure AD and then call a WebApi I developed to get additional information.

I first change the window location to the Azure login page for SSO

    // Redirect the browser to the Azure AD authorize endpoint (implicit flow);
    // the tokens come back in the URL fragment of redirect_uri
    window.location.href = "https://login.microsoftonline.com/" +
        this.tenantId +
        "/oauth2/authorize?" +
        "response_type=id_token+token&" +
        "response_mode=fragment&" +
        "client_id=" + this.clientId + "&" +
        "redirect_uri=" + encodeURIComponent(window.location.href) + "/&" +
        "scope=openid&" +
        "state=" + this.state + "&" +
        "nonce=" + this.nonce;

Then I take the access_token parameter from the hash and pass it to the service that calls my Api

Calling the WebApi from Angular 2

    // Imports needed at the top of the service file
    import { Headers, RequestOptions, Response } from '@angular/http';
    import { Observable } from 'rxjs/Observable';
    import 'rxjs/add/operator/map';

    // Call the protected API, sending the access token as a Bearer token
    public testApi(token): Observable<any> {
        let headers = new Headers({
            'Authorization': 'Bearer ' + token,
            'Accept': 'application/json; odata.metadata=minimal' });
        let options = new RequestOptions({ headers: headers });
        return this.httpService.get('/api/values', options)
            .map((response: Response) => response.json());
    }

This call comes back with a 401 carrying this message

    Bearer error="invalid_token", error_description="The signature is invalid"

After looking around, I thought it might be because of how I set up OWIN on the Api side, but after reading the MSFT docs it should look like this

Configure section in Startup.cs

    // JWT bearer middleware: a token is accepted only if it was issued by this
    // tenant's authority and its aud claim matches the configured Audience
    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        Authority = Configuration["Authentication:AzureAd:AADInstance"] + Configuration["Authentication:AzureAd:TenantId"],
        Audience = Configuration["Authentication:AzureAd:Audience"]
    });

appsettings.json

    "Authentication": {
        "AzureAd": {
            "AADInstance": "https://login.microsoftonline.com/",
            "Audience": "https://isaaclevin.com/testlogin",
            "ClientId": "26931518-d4e2-4ad7-bc78-64857754bbf3",
            "Domain": "isaaclevin.com",
            "TenantId": "3335f25c-177f-424d-96cc-5a5a3d1798cd"
        }
    }

And finally the simple Api with the Authorize attribute

    using System.Collections.Generic;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;

    [Authorize]                  // every action requires an authenticated caller
    [Route("api/[controller]")]
    public class ValuesController : Controller
    {
        // GET api/values
        [HttpGet]
        public IEnumerable<string> Get()
        {
            return new string[] { "value1", "value2" };
        }
    }

I'm not really sure what I'm doing wrong here, but it is definitely an auth problem. If I remove the [Authorize] attribute, the api call works (but that's obvious). I'm validating the token on the client side and it works fine.

1 answer:

Answer 0 (score: 0)

To fix this I had to add the resource to the login call. I now have an issue where it constantly prompts for consent, but I can call the api fine.
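As an added example (not code from the original question or answer), here is what the authorize call with the `resource` parameter looks like, together with a client-side check that the returned access token was actually issued for the API's configured Audience; the function names and the unsigned sample token are assumptions constructed for this example.

```javascript
// Added example, not from the original post. Builds the authorize URL with
// `resource`, checks the returned `state`, and checks the token's `aud` claim.

// Implicit-flow authorize URL; `resource` names the API the access token is for.
function buildAuthorizeUrl({ tenantId, clientId, redirectUri, resource, state, nonce }) {
  const params = new URLSearchParams({
    response_type: 'id_token token', response_mode: 'fragment',
    client_id: clientId, redirect_uri: redirectUri,
    resource, scope: 'openid', state, nonce,
  });
  return `https://login.microsoftonline.com/${tenantId}/oauth2/authorize?${params}`;
}

// Parse the "#access_token=...&state=..." fragment; reject a mismatched state.
function parseFragment(hash, expectedState) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  if (params.get('state') !== expectedState) throw new Error('state mismatch');
  return { accessToken: params.get('access_token'), idToken: params.get('id_token') };
}

// base64url helpers that work both in the browser and in Node.
function b64urlEncode(str) {
  const b64 = typeof btoa === 'function' ? btoa(str) : Buffer.from(str, 'utf8').toString('base64');
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/').padEnd(Math.ceil(seg.length / 4) * 4, '=');
  return typeof atob === 'function' ? atob(b64) : Buffer.from(b64, 'base64').toString('utf8');
}

// Decode a JWT payload WITHOUT verifying it: signature validation stays on the
// API. This only lets the client notice early that it asked for the wrong audience.
function decodeJwtPayload(token) {
  const seg = token.split('.')[1];
  if (!seg) throw new Error('not a JWT');
  return JSON.parse(b64urlDecode(seg));
}
function tokenAudienceMatches(token, expectedAudience) {
  const aud = decodeJwtPayload(token).aud;
  return (Array.isArray(aud) ? aud : [aud]).includes(expectedAudience);
}

// Constructed, unsigned sample token (alg "none", empty signature) used only to
// exercise the checks above.
function sampleToken(aud) {
  const header = b64urlEncode('{"alg":"none","typ":"JWT"}');
  return `${header}.${b64urlEncode(JSON.stringify({ aud, scp: 'user_impersonation' }))}.`;
}
```

A token whose `aud` is not the API's Audience is exactly what the middleware above rejects, so checking it before the request turns a 401 into a clear client-side error.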