Authentication 招摇过市认证是如何工作的?
您好,我已经为我的.net核心web应用程序开发了swagger UI。我已经添加了身份验证。我在我的Azure广告中注册了两个应用程序。一个用于Swagger,另一个用于后端.Net核心应用程序。下面是我的代码Authentication 招摇过市认证是如何工作的?,authentication,.net-core,azure-active-directory,swagger,swashbuckle,Authentication,.net Core,Azure Active Directory,Swagger,Swashbuckle,您好,我已经为我的.net核心web应用程序开发了swagger UI。我已经添加了身份验证。我在我的Azure广告中注册了两个应用程序。一个用于Swagger,另一个用于后端.Net核心应用程序。下面是我的代码 services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = swaggerUIOptions.AuthorizationUrl,
TokenUrl = swaggerUIOptions.TokenUrl
});
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", new[] { "readAccess", "writeAccess" } }
});
});
当我们开发swagger时,我们正在为swagger应用程序或后端应用程序获取访问令牌?我还有c.OAuthRealm并传递我的后端应用程序客户端id。这行代码实际上做什么?另外,当我在API顶部添加[Authorize]属性时,如果我试图直接点击API,它将无法工作。它只有在身份验证后才能工作。那么Authorize属性究竟是如何工作的呢?有人能帮我理解这些事情吗?任何帮助都将不胜感激。感谢关于如何配置Swagger以针对Azure AD进行身份验证,请参考以下步骤
- 为您的web API配置Azure广告。有关更多详细信息,请参阅 a。创建Azure AD web api应用程序 b。 c。配置代码
- 配置文件
- 配置昂首阔步。有关更多详细信息,请参阅 a。创建Azure Web应用程序 b。配置API权限。关于如何配置,您可以参考 c。代码
- 安装SDK
c.OAuthClientId(swaggerUIOptions.ClientId);
c.OAuthClientSecret(swaggerUIOptions.ClientSecret);
c.OAuthRealm(azureActiveDirectoryOptions.ClientId);
c.OAuthAppName("Swagger");
c.OAuthAdditionalQueryStringParams(new { resource = azureActiveDirectoryOptions.ClientId });
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
"TenantId": "<your tenant id>"
},
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
<PackageReference Include="Swashbuckle.AspNetCore" Version="4.0.1" />
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = $"https://login.microsoftonline.com/{Configuration["AzureAD:TenantId"]}/oauth2/authorize",
Scopes = new Dictionary<string, string>
{
{ "user_impersonation", "Access API" }
}
});
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", new[] { "user_impersonation" } }
});
});
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.OAuthClientId(Configuration["Swagger:ClientId"]);
c.OAuthClientSecret(Configuration["Swagger:ClientSecret"]);
c.OAuthRealm(Configuration["AzureAD:ClientId"]);
c.OAuthAppName("My API V1");
c.OAuthScopeSeparator(" ");
c.OAuthAdditionalQueryStringParams(new { resource = Configuration["AzureAD:ClientId"] });
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});