Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/308.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# Web API授权属性,Azure AD返回401个未经授权的守护程序应用程序_C#_Asp.net Core_Azure Active Directory_Azure Api Apps - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# Web API授权属性,Azure AD返回401个未经授权的守护程序应用程序

C# Web API授权属性,Azure AD返回401个未经授权的守护程序应用程序

c# asp.net-core azure-active-directory

C# Web API授权属性,Azure AD返回401个未经授权的守护程序应用程序,c#,asp.net-core,azure-active-directory,azure-api-apps,C#,Asp.net Core,Azure Active Directory,Azure Api Apps,下面我将介绍如何使用Azure AD Auth设置我的ASP.NET核心Web API,以便将其称为我的a守护程序应用程序客户端 我相信我已经按照指南设置好了所有内容,但是当我获得令牌并调用API时,我仍然会在控制器上得到401,并带有[Authorize]属性 我一定错过了什么。以下是相关代码: Startup.cs public void ConfigureServices(IServiceCollection services) { ... services .Ad

下面我将介绍如何使用Azure AD Auth设置我的ASP.NET核心Web API,以便将其称为我的a守护程序应用程序客户端

我相信我已经按照指南设置好了所有内容,但是当我获得令牌并调用API时,我仍然会在控制器上得到401,并带有
[Authorize]
属性

我一定错过了什么。以下是相关代码:

Startup.cs

public void ConfigureServices(IServiceCollection services)
{
...
    services
        .AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
        .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));

    services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
    {
        options.TokenValidationParameters.ValidAudiences = new[]
        {
            options.Audience, // my-api-client-id-guid
            Configuration["AadAudienceUrl"], // https://myapi.azurewebsites.net
        };
    }
...
}

public static void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
    app.UseAuthorization();
...
}
MyController.cs

[Authorize] // No role checks yet, just want to get basic auth working first
[ApiController]
[Route("mycontroller")]
public class MyController : ControllerBase
{
...
}
获取令牌的客户端代码:

AuthenticationContext ac = new AuthenticationContext(
      authority: "https://login.microsoftonline.com/my-tenant-id-guid",
      validateAuthority: true);
AuthenticationResult ar = await ac.AcquireTokenAsync(
  "my-api-client-id-guid", 
  // "https://myapi.azurewebsites.net", // Both of these return a token successfully, but return 401 when used
  new ClientCredential("my-daemon-app-client-id-guid", "daemon-app-secret"));
var token = new AuthenticationHeaderValue(ar.AccessTokenType, ar.AccessToken);
WebAPI的清单:

"appRoles": [
  {
    "allowedMemberTypes": [
      "Application"
    ],
    "description": "Allow the application to access the service",
    "displayName": "Application Access",
    "id": "my-access-guid",
    "isEnabled": true,
    "lang": null,
    "origin": "Application",
    "value": "ApplicationAccess"
  }
],
我已将此应用程序角色授予守护程序应用程序: 
需要用户分配?
对于Web API设置为

要成功返回,我缺少什么?

您应该添加身份验证中间件
app.UseAuthentication()


app.UseAuthentication();
app.UseAuthorization();



因此,JWT承载中间件将处理令牌验证和用户身份验证。
您是一个救生员。我一定是在什么地方的文件里漏掉了。非常感谢。

app.UseAuthentication();
app.UseAuthorization();