C# Web API授权属性,Azure AD返回401个未经授权的守护程序应用程序
下面我将介绍如何使用Azure AD Auth设置我的ASP.NET核心Web API,以便将其称为我的a守护程序应用程序客户端 我相信我已经按照指南设置好了所有内容,但是当我获得令牌并调用API时,我仍然会在控制器上得到401,并带有C# Web API授权属性,Azure AD返回401个未经授权的守护程序应用程序,c#,asp.net-core,azure-active-directory,azure-api-apps,C#,Asp.net Core,Azure Active Directory,Azure Api Apps,下面我将介绍如何使用Azure AD Auth设置我的ASP.NET核心Web API,以便将其称为我的a守护程序应用程序客户端 我相信我已经按照指南设置好了所有内容,但是当我获得令牌并调用API时,我仍然会在控制器上得到401,并带有[Authorize]属性 我一定错过了什么。以下是相关代码: Startup.cs public void ConfigureServices(IServiceCollection services) { ... services .Ad
[Authorize]
属性
我一定错过了什么。以下是相关代码:
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
...
services
.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
{
options.TokenValidationParameters.ValidAudiences = new[]
{
options.Audience, // my-api-client-id-guid
Configuration["AadAudienceUrl"], // https://myapi.azurewebsites.net
};
}
...
}
public static void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
...
app.UseAuthorization();
...
}
MyController.cs
[Authorize] // No role checks yet, just want to get basic auth working first
[ApiController]
[Route("mycontroller")]
public class MyController : ControllerBase
{
...
}
获取令牌的客户端代码:
AuthenticationContext ac = new AuthenticationContext(
authority: "https://login.microsoftonline.com/my-tenant-id-guid",
validateAuthority: true);
AuthenticationResult ar = await ac.AcquireTokenAsync(
"my-api-client-id-guid",
// "https://myapi.azurewebsites.net", // Both of these return a token successfully, but return 401 when used
new ClientCredential("my-daemon-app-client-id-guid", "daemon-app-secret"));
var token = new AuthenticationHeaderValue(ar.AccessTokenType, ar.AccessToken);
WebAPI的清单:
"appRoles": [
{
"allowedMemberTypes": [
"Application"
],
"description": "Allow the application to access the service",
"displayName": "Application Access",
"id": "my-access-guid",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "ApplicationAccess"
}
],
我已将此应用程序角色授予守护程序应用程序:
需要用户分配?
对于Web API设置为否
要成功返回,我缺少什么?您应该添加身份验证中间件
app.UseAuthentication()代码>:
app.UseAuthentication();
app.UseAuthorization();
因此,JWT承载中间件将处理令牌验证和用户身份验证。您是一个救生员。我一定是在什么地方的文件里漏掉了。非常感谢。
app.UseAuthentication();
app.UseAuthorization();