我的情况就像我必须在Azure Web App中部署Web API(.NET Framework),并且所有请求都应通过Azure AD身份验证进行。我在Google上搜索,发现了Microsoft提供的类似案例。我遵循了Microsoft提供的以下示例,当我在计算机上测试此代码时,它可以正常工作。
Native client to Web API to Web API.
就我而言,我能够生成OAuth2令牌,但问题是我总是会收到401未经授权的错误。我关注了许多博客,但无法弄清楚是什么原因引起了问题。真的很感谢您的帮助。
这是我的代码:
Startup.cs
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
}
Startup.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
TokenValidationParameters = new TokenValidationParameters { ValidAudience = ConfigurationManager.AppSettings["ida:Audience"] }
});
}
Controller.cs
[Authorize]
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class AuthController : ApiController
{
[HttpGet]
public HttpResponseMessage Get()
{
try
{
using (sqldbEntities entities = new sqldbEntities())
{
return Request.CreateResponse(HttpStatusCode.OK, (ConfigurationManager.AppSettings["GetMethod"]));
}
}
catch (Exception ex)
{
Log4net.log.Error(string.Format(ConfigurationManager.AppSettings["ErrorGetData"], ex.Message));
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ex.Message);
}
}
以两种方式生成令牌: 方法1)从另一个ASP.NET应用程序
private static AuthenticationContext authContext = null;
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);
private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
private static string todoListResourceId = ConfigurationManager.AppSettings["todo:TodoListResourceId"];
protected async void Button1_Click(object sender, EventArgs e)
{
authContext = new AuthenticationContext(authority);
AuthenticationResult result = null;
result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, redirectUri, new PlatformParameters(PromptBehavior.Always));
TextBox1.Text = result.AccessToken;
}
方法2)来自邮递员 网址:https://login.microsoftonline.com/myad.onmicrosoft.com/oauth2/token
方法:POST
身体: grant_type = authorization_code&client_id = 89479d4f-aaaa-4ebf-80f2-13e423431bfb&client_secret = hZ_8Ls1EmFarH_lPn4 = aaaa-k8TJ_&redirect_uri = https://NAClient-OBO/&code=AQABAAIAAABeAFzDwllzTYGDLh_qYbH8KZRKktzMuxXp0hM6k1B__lWQrxaikd6wwrYrKZ470UAdr4g1GqAPWja6JgpqsDtLefE23vW80qP7xgVodury28LkGLzL1Mbq0auUeiBaaaa-oCZf11o5EsaSVRVlke6FMkbIn_ppA_GsEBhIAEjxHXXjkrIcp-e4g0G5t9prme4IZ0Sg2_L4MvN6TAyr-nEPGDlnWZLBkRvu8Izsm3RiI_cnneCi1xonZaKBSlsgONIwpgN1bOaz16OVW2uu5lTiz206CSrJtzWeKkitPNUx2Gnn-RnZcCUVDyLxK-eJy8o_ggn_iu7F7kdjKj-b70Gfp5BPYx6fxB4Zyw8tpnWzVkLG7IbLGx9di112u-UGgVSBfWQiO5w3a4Mx2KdDcUihMlVW_mgBUdQi4160AKq1Id9ZcpJEKCT11KWwkO25_q7huCxJ_6-mEU4ADCGjj8hDOtRLGNeZMwhB13rYTN7qGQMmpX491RoldCfpfevva16DhQl5VHbIqspknkK1pFHvh90J47DSg0VihQOIQp1FZ7EgAA&resource=89479d4f-aaaa-4ebf-80f2-13e423431bfb
请帮助。
答案 0 :(得分:1)
根据我的测试,我们可以使用以下步骤来实现它
为您的Web API配置Azure AD。有关更多详细信息,请参阅document
a。创建Azure AD Web API应用程序
b。 Expose API
配置代码
网络api
a。 Startup.cs
public void ConfigureAuth(IAppBuilder app)
{
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = "<your tenant id>",
TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = new[] { "your web api application app id url", "your web api application app id" }
},
}) ;;
}
b。控制器
[Authorize]
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class ValuesController : ApiController
{
// GET api/values
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
}
var authority = "https://login.microsoftonline.com/<your tenat id>";
AuthenticationContext authContext = new AuthenticationContext(authority);
var uri = "< your redirect url>";
var clientId = "< your client application app id>";
var resource = "<your web api application app id url or your web api application app id>";
var result = authContext.AcquireTokenAsync(resource, clientId, new Uri(uri), new PlatformParameters(PromptBehavior.Always)).Result;
using (HttpClient httpClient = new HttpClient())
{
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
var response = httpClient.GetAsync("https://localhost:44345/api/values").Result;
Console.WriteLine(response.StatusCode);
Console.WriteLine(response.Content.ReadAsStringAsync().Result);
}