Web API(.NET Framework)Azure AD身份验证始终返回401未经授权
我的情况就像我必须在Azure Web App中部署Web API(.NET Framework),并且所有请求都应通过Azure AD身份验证进行。我在Google上搜索,发现了Microsoft提供的类似案例。我遵循了Microsoft提供的以下示例,当我在计算机上测试此代码时,它可以正常工作。
Native client to Web API to Web API.
就我而言,我能够生成OAuth2令牌,但问题是我总是会收到401未经授权的错误。我关注了许多博客,但无法弄清楚是什么原因引起了问题。真的很感谢您的帮助。
这是我的代码:
Startup.cs
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
}
Startup.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
TokenValidationParameters = new TokenValidationParameters { ValidAudience = ConfigurationManager.AppSettings["ida:Audience"] }
});
}
Controller.cs
[Authorize]
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class AuthController : ApiController
{
[HttpGet]
public HttpResponseMessage Get()
{
try
{
using (sqldbEntities entities = new sqldbEntities())
{
return Request.CreateResponse(HttpStatusCode.OK, (ConfigurationManager.AppSettings["GetMethod"]));
}
}
catch (Exception ex)
{
Log4net.log.Error(string.Format(ConfigurationManager.AppSettings["ErrorGetData"], ex.Message));
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
}
}
以两种方式生成令牌: 方法1)从另一个ASP.NET应用程序
private static AuthenticationContext authContext = null;
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
private static string todoListResourceId = ConfigurationManager.AppSettings["todo:TodoListResourceId"];
protected async void Button1_Click(object sender, EventArgs e)
{
authContext = new AuthenticationContext(authority);
AuthenticationResult result = null;
result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, redirectUri, new PlatformParameters(PromptBehavior.Always));
TextBox1.Text = result.AccessToken;
}
方法2)来自邮递员 网址:https://login.microsoftonline.com/myad.onmicrosoft.com/oauth2/token
方法:POST
身体: grant_type = authorization_code&client_id = 89479d4f-aaaa-4ebf-80f2-13e423431bfb&client_secret = hZ_8Ls1EmFarH_lPn4 = aaaa-k8TJ_&redirect_uri = https://NAClient-OBO/&code=AQABAAIAAABeAFzDwllzTYGDLh_qYbH8KZRKktzMuxXp0hM6k1B__lWQrxaikd6wwrYrKZ470UAdr4g1GqAPWja6JgpqsDtLefE23vW80qP7xgVodury28LkGLzL1Mbq0auUeiBaaaa-oCZf11o5EsaSVRVlke6FMkbIn_ppA_GsEBhIAEjxHXXjkrIcp-e4g0G5t9prme4IZ0Sg2_L4MvN6TAyr-nEPGDlnWZLBkRvu8Izsm3RiI_cnneCi1xonZaKBSlsgONIwpgN1bOaz16OVW2uu5lTiz206CSrJtzWeKkitPNUx2Gnn-RnZcCUVDyLxK-eJy8o_ggn_iu7F7kdjKj-b70Gfp5BPYx6fxB4Zyw8tpnWzVkLG7IbLGx9di112u-UGgVSBfWQiO5w3a4Mx2KdDcUihMlVW_mgBUdQi4160AKq1Id9ZcpJEKCT11KWwkO25_q7huCxJ_6-mEU4ADCGjj8hDOtRLGNeZMwhB13rYTN7qGQMmpX491RoldCfpfevva16DhQl5VHbIqspknkK1pFHvh90J47DSg0VihQOIQp1FZ7EgAA&resource=89479d4f-aaaa-4ebf-80f2-13e423431bfb
请帮助。
1 个答案:
答案 0 :(得分:1)
根据我的测试,我们可以使用以下步骤来实现它
-
为您的Web API配置Azure AD。有关更多详细信息,请参阅document
a。创建Azure AD Web API应用程序
b。 Expose API
-
配置代码
-
网络api
a。 Startup.cs
public void ConfigureAuth(IAppBuilder app) { app.UseWindowsAzureActiveDirectoryBearerAuthentication( new WindowsAzureActiveDirectoryBearerAuthenticationOptions { Tenant = "<your tenant id>", TokenValidationParameters = new TokenValidationParameters { ValidAudiences = new[] { "your web api application app id url", "your web api application app id" } }, }) ;; }b。控制器
[Authorize] [EnableCors(origins: "*", headers: "*", methods: "*")] public class ValuesController : ApiController { // GET api/values public IEnumerable<string> Get() { return new string[] { "value1", "value2" }; } } - 客户端应用程序。我使用控制台应用程序调用api
var authority = "https://login.microsoftonline.com/<your tenat id>"; AuthenticationContext authContext = new AuthenticationContext(authority); var uri = "< your redirect url>"; var clientId = "< your client application app id>"; var resource = "<your web api application app id url or your web api application app id>"; var result = authContext.AcquireTokenAsync(resource, clientId, new Uri(uri), new PlatformParameters(PromptBehavior.Always)).Result; using (HttpClient httpClient = new HttpClient()) { httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken); var response = httpClient.GetAsync("https://localhost:44345/api/values").Result; Console.WriteLine(response.StatusCode); Console.WriteLine(response.Content.ReadAsStringAsync().Result); }
-
- Pinterest API:身份验证无效:401(未经授权)
- 使用node.js和passport.js的Google身份验证始终返回401(未经授权)
- Web API基本身份验证始终未经授权
- devise_token_auth始终返回401未经授权
- Laravel Passport始终返回401未经身份验证的
- Web API(.NET Framework)Azure AD身份验证始终返回401未经授权
- 401未经授权-调用启用了AD身份验证的Azure API
- JWT身份验证始终返回未经授权的401
- ASP.NET核心JWT身份验证始终抛出未经授权的401
- Azure AD身份验证和授权React.js
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?