問(wèn)題描述
我想在 Azure Functions 上啟用身份驗(yàn)證.因此,我決定使用 EasyAuth(平臺(tái)功能下的身份驗(yàn)證/授權(quán)鏈接)并成功配置身份驗(yàn)證過(guò)程.
當(dāng)我手動(dòng)登錄到 Azure Function 端點(diǎn)時(shí),身份驗(yàn)證工作.但是,當(dāng)我嘗試以編程方式訪(fǎng)問(wèn) API 時(shí),無(wú)需任何手動(dòng)用戶(hù)干預(yù),就會(huì)遇到身份驗(yàn)證問(wèn)題:
狀態(tài)碼:401,未授權(quán)我使用以下代碼使用 clientID 和 clientSecret 從 AAD 獲取訪(fǎng)問(wèn)令牌:
AuthenticationContext context = new AuthenticationContext("https://login.windows.net/<tenant-id>");字符串鍵=<客戶(hù)端密碼>";ClientCredential cc = new ClientCredential("<client-id>", key);AuthenticationResult 結(jié)果 = context.AcquireTokenAsync("https://<AzureFunctionAppName>.azurewebsites.net/", cc).Result;返回結(jié)果.AccessToken;然后我嘗試將在標(biāo)頭中收到的訪(fǎng)問(wèn)令牌發(fā)送到我的 API 的新請(qǐng)求:
var content = "{"on":true, "sat":254, "bri":254, "hue":10000}";var AADToken = GetS2SAccessToken();HttpClient 客戶(hù)端 = 新 HttpClient();Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AADToken);var foo = Client.PostAsync("https://<AzureFunctionAppName>.azurewebsites.net/.auth/login/aad", new StringContent(content.ToString())).Result;Console.WriteLine($"result: {foo}");但是上面的代碼會(huì)導(dǎo)致未經(jīng)授權(quán)的調(diào)用.我不確定我做錯(cuò)了什么.
如果你的 azure function 認(rèn)證級(jí)別是 anonymous 或 ,我們可以使用 accesstoken 直接訪(fǎng)問(wèn)你的 azure function api功能鍵也是必需的.
我通過(guò)您提到的方式獲得了訪(fǎng)問(wèn)令牌.根據(jù) Azure 資源門(mén)戶(hù) (
然后我可以直接使用訪(fǎng)問(wèn)令牌.我用郵遞員測(cè)試它.
我們也可以通過(guò)以下方式獲取easy auth token.訪(fǎng)問(wèn)token就是你拿到的token.
發(fā)布 https://xxx.azurewebsites.net/.auth/login/aad內(nèi)容類(lèi)型:應(yīng)用程序/json{access_token":eyJ0eXAiOix...rtf2H7lyUL-g34HVw"}之后我們就可以使用get token來(lái)訪(fǎng)問(wèn)azure函數(shù)api了
注意:標(biāo)頭是x-zumo-auth:token
I wanted to enable authentication on Azure Functions. So, I decided to go with EasyAuth (Authentication/Authorization link under platform features) and was successfully able to configure the authentication process.
The authentication works when I manually sign-in to the Azure Function endpoint. But when I try to programmatically access the API, without any manual user intervention, I'm facing authentication issue:
Status Code:401, Unauthorized
I get an access token from AAD using clientID and clientSecret using the following code:
AuthenticationContext context = new AuthenticationContext("https://login.windows.net/<tenant-id>");
string key = "<client-secret>";
ClientCredential cc = new ClientCredential("<client-id>", key);
AuthenticationResult result = context.AcquireTokenAsync("https://<AzureFunctionAppName>.azurewebsites.net/", cc).Result;
return result.AccessToken;
Then I'm trying to send the Access Token received in the header for a new request to my API:
var content = "{"on":true, "sat":254, "bri":254, "hue":10000}";
var AADToken = GetS2SAccessToken();
HttpClient Client = new HttpClient();
Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AADToken);
var foo = Client.PostAsync("https://<AzureFunctionAppName>.azurewebsites.net/.auth/login/aad", new StringContent(content.ToString())).Result;
Console.WriteLine($"result: {foo}");
But the above code is resulting in unauthorized calls. I am not sure what I'm doing wrong.
We could use the accesstoken to access the you azure function api directly, if your azure function authentication level is anonymous or function key is also required.
I get the access token with your mentioned way. According to the Azure Resources portal(https://resources.azure.com/), the default allowedAudiences is
"https://{functionAppName}.azurewebsites.net/.auth/login/aad/callback"
So I add the https://{functionAppName}.azurewebsites.net/ as allowed aduiences
Then I can use the access token directly. I test it with postman.
We also could use the following way to get easy auth token. The access token is the token that you got.
Post https://xxx.azurewebsites.net/.auth/login/aad
Content-Type:application/json
{
"access_token":"eyJ0eXAiOix...rtf2H7lyUL-g34HVw"
}
After that we could use the get token to access the azure function api
Note: Header is x-zumo-auth: token
這篇關(guān)于使用 Azure Active Directory 的 Azure Function 身份驗(yàn)證的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!