API管理基本身份验证

时间:2018-03-25 18:33:11

标签: azure-api-management

我有一个Azure API管理,添加了一个逻辑应用程序作为后端API。现在我想为API Management启用基本身份验证,以便当客户端调用受API Management保护的逻辑应用程序url时需要提供用户名和密码。我熟悉API Management的访问限制策略,现在我的问题是在APIM中设置基本身份验证凭据的位置和方式?

4 个答案:

答案 0 :(得分:2)

您可以使用以下代码段 https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Perform%20basic%20authentication.policy.xml 

<policies>
<inbound>
    <base />
    <choose>
        <when condition="@(context.Request.Headers.GetValueOrDefault("Authorization")==null || context.Request.Headers.GetValueOrDefault("Authorization").Length<1 || context.Request.Headers.GetValueOrDefault("Authorization").AsBasic().UserId!="{{UserId}}" || context.Request.Headers.GetValueOrDefault("Authorization").AsBasic().Password!="{{Password}}")">
            <return-response>
                <set-status code="401" reason="Not authorized" />
            </return-response>
        </when>
    </choose>
    <set-header name="Authorization" exists-action="delete" />
</inbound>
<backend>
    <base />
</backend>
<outbound>
    <base />
</outbound>
<on-error>
    <base />
</on-error>

如果您要将密码存储到密钥库中,则可以使用以下策略代替上面的

<inbound>
    <base />
    <send-request ignore-error="false" timeout="20" response-variable-name="passwordResponse" mode="new">
        <set-url>https://mykvname.vault.azure.net/secrets/MySecretValue/?api-version=7.0</set-url>
        <set-method>GET</set-method>
        <authentication-managed-identity resource="https://vault.azure.net" />
    </send-request>
    <rewrite-uri template="/" copy-unmatched-params="true" />
    <set-backend-service base-url="https://testservice/" />
    <authentication-basic username="myusername" password="@{ var secret = ((IResponse)context.Variables["passwordResponse"]).Body.As<JObject>(); return secret["value"].ToString(); }" />
</inbound>

希望这会有所帮助

答案 1 :(得分:1)

以下是用于设置基本身份验证的代码段:username =“ someUser”和password =“ ThePassw0rd” 

<policies>
    <inbound>
        <set-variable name="isAuthOk" 
value="@(context.Request.Headers.ContainsKey("Authorization") 
            && context.Request.Headers["Authorization"].Contains(
            "Basic " + Convert.ToBase64String(
                  Encoding.UTF8.GetBytes("someUser:ThePassw0rd")
                )
              )
              )" />
        <base />
        <choose>
            <when condition="@(context.Variables.GetValueOrDefault<bool>("isAuthOk"))">
            </when>
            <otherwise>
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-header name="WWW-Authenticate" exists-action="override">
                        <value>Basic realm="someRealm"</value>
                    </set-header>
                    <set-body>Wrong username or password</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

答案 2 :(得分:0)

If I understood your question, you can set the policy in: Apis -> All Apis or specifc -> Design -> Inbound processing -> Code View. Inside policies/inbound you can insert:

authentication-basic username="username" password="password"

See more in: https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies#Basic

答案 3 :(得分:0)

我能够解决这个问题,我已经为基本身份验证添加了访问限制策略,并在策略中添加了凭据。

示例政策

   基本的B64Credentials

相关问题
最新问题