C#: How to authenticate a web API in a WPF application using Azure AD
I am using the following code in my WPF application:

    // Requires: using Microsoft.Identity.Client;
    var app = PublicClientApplicationBuilder.Create(_clientId)
        .WithRedirectUri("http://localhost/")
        .WithAuthority(AzureCloudInstance.AzurePublic, _tenantId)
        .Build();

    AuthenticationResult result;
    try
    {
        // Opens the sign-in browser window and waits for the user to finish
        result = await app.AcquireTokenInteractive(scopes).ExecuteAsync();
    }
    catch (MsalUiRequiredException)
    {
        return Result<UserMetadata>.NotAuthorized("There was on error");
    }

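It works.

However, I don't want all endpoints to be protected by this method (I have other authentication mechanisms).

My idea is to somehow get the "code" variable on the client (the one that is set on the browser window, but unfortunately is not returned as a result in my C# code), send it to the server, and, inside a specific controller, try to "log in" the user (get an access token from that code).

The reason is that I already have my own authentication mechanism, which is based on a users table in the database.

If I understand correctly, you want to protect only selected API endpoints by using AD. You can certainly do that by setting up your Startup.cs as follows: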

    // Requires: using Microsoft.AspNetCore.Authentication.JwtBearer;
    //           using Microsoft.AspNetCore.Authorization;
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    // Register the Azure AD JWT bearer handler under the scheme name "AAD"
    .AddJwtBearer("AAD", jwtOptions =>
    {
        jwtOptions.Authority = $"{appConfiguration.AppSettings.AadInstance}/{appConfiguration.AppSettings.AadDomain}";
        jwtOptions.Audience = appConfiguration.AppSettings.AadClientId;
        jwtOptions.Events = new JwtBearerEvents
        {
            OnAuthenticationFailed = arg =>
            {
                // invoked if authentication fails
                return Task.FromResult(0);
            }
        };
    });

    services.AddAuthorization(options =>
    {
        // Both the default policy and the named "AAD" policy require a user authenticated by the "AAD" scheme
        options.DefaultPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().AddAuthenticationSchemes("AAD").Build();
        options.AddPolicy("AAD", new AuthorizationPolicyBuilder().RequireAuthenticatedUser().AddAuthenticationSchemes("AAD").Build());
    });

And add an attribute to the controllers/action methods that need to be protected, as follows:

    [Authorize(Policy = "AAD")]

I did something similar: [Authorize(AuthenticationSchemes = "ADSchema")]
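
An added example, not part of the original question or answer: a WPF-side client that obtains an access token with MSAL and sends it as a Bearer header to an action marked `[Authorize(Policy = "AAD")]`, so the API validates a token rather than receiving the authorization code. The class name `AadApiClient`, the scope string and the API base URL are assumed placeholders.

```csharp
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public sealed class AadApiClient // hypothetical helper, not from the original page
{
    // Assumed placeholders: the scope exposed by the API's app registration, and the API URL.
    private static readonly string[] Scopes = { "api://<api-client-id>/access_as_user" };
    private const string ApiBaseUrl = "https://localhost:5001/";

    private readonly IPublicClientApplication _app;
    private readonly HttpClient _http = new HttpClient();

    public AadApiClient(string clientId, string tenantId)
    {
        _app = PublicClientApplicationBuilder.Create(clientId)
            .WithRedirectUri("http://localhost/")
            .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
            .Build();
    }

    private async Task<string> GetAccessTokenAsync()
    {
        var account = (await _app.GetAccountsAsync()).FirstOrDefault();
        try
        {
            // Reuse a cached token when one is available for this account.
            return (await _app.AcquireTokenSilent(Scopes, account).ExecuteAsync()).AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            // No usable cached token: MSAL opens the browser and redeems the code itself.
            return (await _app.AcquireTokenInteractive(Scopes).ExecuteAsync()).AccessToken;
        }
    }

    // Calls an endpoint protected by the "AAD" policy; other endpoints keep their own scheme.
    public async Task<string> GetProtectedAsync(string relativePath)
    {
        var request = new HttpRequestMessage(HttpMethod.Get, ApiBaseUrl + relativePath);
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", await GetAccessTokenAsync());
        var response = await _http.SendAsync(request);
        response.EnsureSuccessStatusCode(); // 401 here means the API rejected the token
        return await response.Content.ReadAsStringAsync();
    }
}
```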