Azure AAD-本地服务的应用程序代理

时间:2018-07-31 20:00:51

标签: azure adal msal

我一直在尝试使用应用程序代理从Azure中的另一个Api调用内部Api。我遵循了以下示例中的几个示例,结果相似。我可以成功获取访问令牌,但是当我通过应用程序代理对本地Api进行http调用时,即使添加了带有承载令牌的授权标头,我也始终会重定向到登录页面。有人对我可能会缺少的东西有想法吗?

https://blogs.technet.microsoft.com/applicationproxyblog/2018/06/27/securing-api-access-beyond-intranet-with-azure-ad-application-proxy/

这是我正在运行的代码,该代码是从引用的示例中复制的。我不是100%感兴趣的一件事是todoListResourceId和todoListBaseAddress。我将它们设置为与配置的应用程序代理应用程序的“主页URL”相同的值。

AuthenticationContext authContext;
private static string aadInstance = "https://login.microsoftonline.com/{0}";
private static string tenant = "xxx.onmicrosoft.com";
private static string clientId = "my app id";
Uri redirectUri = new Uri("http://replyurl");
private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
private static string todoListResourceId = "https://xxx.msappproxy.net";
private static string todoListBaseAddress = "https://xxx.msappproxy.net";

private async void GetTodoList()
    {
        AuthenticationResult result = null;
        HttpClient httpClient = new HttpClient();
        authContext = new AuthenticationContext(authority);
        result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, redirectUri, new PlatformParameters(PromptBehavior.Auto));
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

        // Call the To Do list service.
        HttpResponseMessage response = await httpClient.GetAsync(todoListBaseAddress + "/api/values/4");

        //MessageBox.Show(response.RequestMessage.ToString());
        string s = await response.Content.ReadAsStringAsync();
        MessageBox.Show(s);
    }

0 个答案:

没有答案