在Azure App Services中,为什么在成功登录(使用App Service身份验证服务)后无法访问我的表?

时间:2017-12-21 19:27:59

标签: authentication azure-active-directory azure-mobile-services

根据Azure上的流,此部分代码导致成功登录:

    MobileServiceUser user = null;
    private async System.Threading.Tasks.Task<bool> AuthenticateAsync()
    {
        string message;
        bool success = false;


        var provider = MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory;

        // Use the PasswordVault to securely store and access credentials.
        PasswordVault vault = new PasswordVault();
        PasswordCredential credential = null;

        try
        {
            // Try to get an existing credential from the vault.
            credential = vault.FindAllByResource(provider.ToString()).FirstOrDefault();
        }
        catch (Exception)
        {
            // When there is no matching resource an error occurs, which we ignore.
        }

        if (credential != null)
        {
            // Create a user from the stored credentials.
            user = new MobileServiceUser(credential.UserName);
            credential.RetrievePassword();
            user.MobileServiceAuthenticationToken = credential.Password;

            // Set the user from the stored credentials.
            App.MobileService.CurrentUser = user;

            // Consider adding a check to determine if the token is 
            // expired, as shown in this post: http://aka.ms/jww5vp.

            success = true;
            message = string.Format("Cached credentials for user - {0}", user.UserId);
        }
        else
        {
            try
            {
                // Login with the identity provider.
                user = await App.MobileService
                    .LoginAsync(provider, true);

                // Create and store the user credentials.
                credential = new PasswordCredential(provider.ToString(),
                    user.UserId, user.MobileServiceAuthenticationToken);
                vault.Add(credential);

                success = true;
                message = string.Format("You are now logged in - {0}", user.UserId);
            }
            catch (MobileServiceInvalidOperationException)
            {
                message = "You must log in. Login Required";
            }
        }

        var dialog = new MessageDialog(message);
        dialog.Commands.Add(new UICommand("OK"));
        await dialog.ShowAsync();

        return success;
    }

但是当我尝试从IServiceTable获取信息时,访问被拒绝。我注意到在Azure的流中,尝试访问表时使用的登录方法是匿名的。&#34;有人可以帮忙吗? (我已经检查了令牌,它看起来是正确的。)

    public IMobileServiceTable<Finding> FindingsTable { get {return findingsTable;} }
    private IMobileServiceTable<Finding> findingsTable;

    private MobileServiceClient client;

    public ClientAPI(string url)
    {
        //client = new MobileServiceClient(url);
        client = App.MobileService;
        findingsTable = client.GetTable<Finding>();
    }

    public async Task<ObservableCollection<Finding>> GetAllFindingsAsync()
    {
     // The line below triggers the no access error:   
        var findings = await findingsTable.Select(f => f).ToCollectionAsync();

下面是一个图形,显示了在尝试访问表时发送给服务的令牌:

Link to screenshot of token

1 个答案:

答案 0 :(得分:0)

nbf中的authenticationToken代表GMT: Thursday, December 21, 2017 9:56:15 PM,但exp代表GMT: Saturday, January 20, 2018 9:56:15 PM。 AFAIK,有效exp比默认nbf小一个小时。

我建议您停用缓存令牌并直接调用App.MobileService.LoginAsync进行日志记录,然后利用fiddler捕获网络跟踪并尝试访问您的在线表Finding以缩小此范围问题。

此外,您可以通过浏览器访问https://{your-app-name}.azurewebsites.net/.auth/login/aad进行日志记录并检索authenticationToken,然后您可以解码您的令牌并将其与您的本地缓存令牌进行比较。通过浏览器登录后,您可以访问https://{your-app-name}.azurewebsites.net/tables/{table-name}以检索您的表记录以缩小此问题。此外,对于缓存令牌,您可以关注adrian hall的关于Caching Tokens的书。

相关问题
最新问题