C# 通过启用Azure目录的Azure代理访问本地Api
我正试图用Azure应用程序代理公开我的内部API 我已成功地将其配置为使用设置为Passthrough的预身份验证。当我将预验证更改为Azure Active Directory时,我可以通过浏览器成功访问端点。但是,当我尝试从代码中调用本地端点时,我会收到Microsoft登录页面的HTML。成功的请求将返回JSON响应 我正在关注一篇Microsoft文章: 通过安,我学会了我必须使用“http://localhost作为重定向URI的值,并将我的客户端应用程序配置为“移动和桌面应用程序”平台 这是我的密码:C# 通过启用Azure目录的Azure代理访问本地Api,c#,azure,oauth-2.0,azure-active-directory,azure-application-proxy,C#,Azure,Oauth 2.0,Azure Active Directory,Azure Application Proxy,我正试图用Azure应用程序代理公开我的内部API 我已成功地将其配置为使用设置为Passthrough的预身份验证。当我将预验证更改为Azure Active Directory时,我可以通过浏览器成功访问端点。但是,当我尝试从代码中调用本地端点时,我会收到Microsoft登录页面的HTML。成功的请求将返回JSON响应 我正在关注一篇Microsoft文章: 通过安,我学会了我必须使用“http://localhost作为重定向URI的值,并将我的客户端应用程序配置为“移动和桌面应用程序”
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net/user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}
[事实]
公共异步任务已成功\u身份验证\u但\u无法\u访问\u代理()
{
//从AAD获取代理应用程序的访问令牌
var clientApp=PublicClientApplicationBuilder
.创建(“b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx”)//客户端应用程序的客户端Id
.WithRedirectUri(“http://localhost“”//必须在客户端应用程序中将其配置为“移动和桌面应用程序”平台
.WithTenantId(“xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd”)//不确定是否需要。
.有权https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts=await clientApp.GetAccountsAsync();
var account=accounts.FirstOrDefault();
IEnumerable作用域=新字符串[]{”https://endpoints-xxx.msappproxy.net/user_impersonation"};
尝试
{
authResult=await clientApp.AcquireTokenSilent(作用域、帐户).ExecuteAsync();
}
捕获(MsalUiRequiredException ex)
{
authResult=await clientApp.AcquireTokenInteractive(scopes.ExecuteAsync();
}
if(authResult!=null)
{
//使用访问令牌访问代理应用程序
var httpClient=新的httpClient();
httpClient.DefaultRequestHeaders.Authorization=新的AuthenticationHeaderValue(“Bearer”,authResult.AccessToken);
var response=wait httpClient.GetAsync(“https://endpoints-xxx.msappproxy.net");
//此处失败。我正在接收登录页面的HTML。我期待JSON的响应。
var responseValue=await response.Content.ReadAsStringAsync();
}
}
是否有人通过Azure Active Directory的Azure应用程序代理成功访问本地端点?我向Microsoft开了一张罚单,他们能够识别问题 作用域在域名后需要第二个斜杠“/”:
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
IEnumerable scopes=新字符串[]{”https://endpoints-xxx.msappproxy.net//user_impersonation"};
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}
[事实]
公共异步任务已成功\u身份验证\u但\u无法\u访问\u代理()
{
//从AAD获取代理应用程序的访问令牌
var clientApp=PublicClientApplicationBuilder
.创建(“b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx”)//客户端应用程序的客户端Id
.WithRedirectUri(“http://localhost“”//必须在客户端应用程序中将其配置为“移动和桌面应用程序”平台
.WithTenantId(“xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd”)//不确定是否需要。
.有权https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts=await clientApp.GetAccountsAsync();
var account=accounts.FirstOrDefault();
IEnumerable作用域=新字符串[]{”https://endpoints-xxx.msappproxy.net//user_impersonation"};
尝试
{
authResult=await clientApp.AcquireTokenSilent(作用域、帐户).ExecuteAsync();
}
捕获(MsalUiRequiredException ex)
{
authResult=await clientApp.AcquireTokenInteractive(scopes.ExecuteAsync();
}
if(authResult!=null)
{
//使用访问令牌访问代理应用程序
var httpClient=新的httpClient();
httpClient.DefaultRequestHeaders.Authorization=新的AuthenticationHeaderValue(“Bearer”,authResult.AccessToken);
var response=wait httpClient.GetAsync(“https://endpoints-xxx.msappproxy.net");
//此处失败。我正在接收登录页面的HTML。我期待JSON的响应。
var responseValue=await response.Content.ReadAsStringAsync();
}
}
var responseValue=wait response.Content.ReadAsStringAsync()?调试响应时,您能看到它的内容吗?var responseValue=await response.content.ReadAsStringAsync();-这是登录页面的HTML。