問題描述

我有一個標記為公共(經過身份驗證)"的 Azure API 應用程序，并在相關網關中設置了 Azure Active Directory 身份，詳細信息請參見 保護 API 應用.

I have an Azure API App marked as "Public (authenticated)" and set up an Azure Active Directory identity in the associated gateway as detailed in Protect an API App.

然后我在同一個 Azure Active Directory 租戶中創建了一個本機應用程序，并在委派權限中添加了訪問網關的權限.

I then created a native application in the same Azure Active Directory Tenant and added permission to access the Gateway in the delegated permissions.

使用 ADAL 和以下代碼，我能夠成功地進行身份驗證并獲得訪問令牌，但我不知道如何使用它來訪問我的 API 應用程序.

Using ADAL and the following code, I'm able to successfully authenticate and get an access token, but I can't figure out how to use it to access my API app.

string Tenant = "[xxx].onmicrosoft.com";
string Authority = "https://login.microsoftonline.com/" + Tenant;
string GatewayLoginUrl = "https://[gateway].azurewebsites.net/login/aad";
string ClientId = "[native client id]";
Uri RedirectUri = new Uri("[native client redirect url]");

async Task<string> GetTokenAsync()
{
  AuthenticationContext context = new AuthenticationContext(Authority);
  PlatformParameters platformParams = new PlatformParameters(PromptBehavior.Auto, null);
  AuthenticationResult result = await context.AcquireTokenAsync(GatewayLoginUrl, ClientId, RedirectUri, platformParams);

  return result.AccessToken;
}

我已經手動輸入了一個 x-zumo-auth 標頭 測試了 API 應用程序，我進入了 Chrome，然后它就可以工作了，但是我使用 ADAL 獲得的令牌卻沒有.我還嘗試了他們的 示例代碼可以工作，但沒有給我刷新令牌.

I've tested the API app manually entering an x-zumo-auth header I get in Chrome and it works then, but not with a token I get using ADAL. I've also tried the browser forms described in their sample code which works but doesn't give me a refresh token.

我需要如何設置我的身份驗證代碼，以便我可以在我的 API 應用程序中使用 TokenCache 和 ADAL?

How do I need to set up my authentication code so I can use a TokenCache and ADAL with my API app?

推薦答案

您可能希望使用 AppServiceClient 對用戶進行身份驗證并調用受保護的 API 應用端點.將 Microsoft.Azure.AppService SDK (-pre) Nuget 包安裝到您的客戶端項目.

You may want to use AppServiceClient to authenticate the user and invoke a protected API App endpoint. Install Microsoft.Azure.AppService SDK (-pre) Nuget package to your client project.

您可以在 GitHub 上的 AzureCards 示例中找到更多詳細信息 - https://github.com/Azure-Samples/API-Apps-DotNet-AzureCards-Sample

You can find more details in the AzureCards samples on GitHub - https://github.com/Azure-Samples/API-Apps-DotNet-AzureCards-Sample

這篇關于使用 ADAL 對 Azure API 應用進行身份驗證的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！