【发布时间】:2020-03-25 05:46:10
【问题描述】:
我刚开始学习使用 Azure Active Directory。我有一个受 Azure Active Directory 保护的 Web API(.NET Core)。我正尝试通过 Postman 调用这个 Web API,我知道调用它需要一个 OAuth2 令牌。我已经按照 documentation link 生成了 OAuth2 令牌。
生成 OAuth2 令牌后,我把它添加到请求头中,如 Authorization: Bearer e....,但结果总是如下图所示。
我确定已经在“API 权限”部分授予了所需的权限,并且 Azure 门户中的“权限类型”是“委派权限”。
请看我的 Startup 类:
/// <summary>
/// Application bootstrap: registers MVC with a global authorization filter, the
/// policy that filter enforces, JWT bearer authentication and a claims
/// transformation, then builds the request pipeline.
/// </summary>
/// <remarks>
/// Two independent gates apply to every MVC request. First the bearer token must
/// validate (authority and audience are configured in <see cref="ConfigureServices"/>);
/// then the authenticated principal must satisfy the "default" policy, i.e. carry
/// the "user_impersonation" scope claim. When diagnosing a rejected call, a 401
/// typically points at token validation (for example an <c>aud</c> value matching
/// neither configured audience) and a 403 at the scope policy.
/// </remarks>
public class Startup
{
    // Shared by the policy registration and the global filter so the two cannot drift apart.
    private const string DefaultPolicyName = "default";

    /// <summary>Stores the configuration root used later to read the Authentication:* settings.</summary>
    /// <param name="configuration">Application configuration supplied by the host.</param>
    public Startup(IConfiguration configuration) => Configuration = configuration;

    /// <summary>Configuration root captured at construction.</summary>
    public IConfiguration Configuration { get; }

    /// <summary>Registers MVC, authorization, authentication and the claims transformation.</summary>
    /// <param name="services">Service collection to populate.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // The filter is global: every MVC action is evaluated against the "default" policy.
        var mvcBuilder = services.AddMvc(mvcOptions =>
            mvcOptions.Filters.Add(new AuthorizeFilter(DefaultPolicyName)));
        mvcBuilder.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

        // Require the basic "Access app-name" scope claim by default.
        services.AddAuthorization(authorization =>
            authorization.AddPolicy(
                DefaultPolicyName,
                policy => policy.RequireClaim(
                    DotNetCoreApiSample.Authorization.Constants.ScopeClaimType,
                    "user_impersonation")));

        var authBuilder = services.AddAuthentication(
            auth => auth.DefaultScheme = JwtBearerDefaults.AuthenticationScheme);

        authBuilder.AddJwtBearer(jwt =>
        {
            jwt.Authority = Configuration["Authentication:Authority"];

            // Both the App ID URI and the client id are accepted as the token audience.
            // NOTE(review): a missing configuration key yields a null entry here; verify
            // that all three Authentication:* settings exist in every environment.
            var acceptedAudiences = new List<string>
            {
                Configuration["Authentication:AppIdUri"],
                Configuration["Authentication:ClientId"]
            };

            // Only the audience list is overridden; every other validation parameter keeps
            // its default, so issuer and signing-key checks depend on those defaults and on
            // what the handler obtains from Authority - confirm for the library version in use.
            jwt.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                ValidAudiences = acceptedAudiences
            };
        });

        // Claims transformation that splits the scope claim value (implementation not shown
        // here). Presumably the policy above relies on it when a token carries several
        // scopes in a single claim - verify against AzureAdScopeClaimTransformation.
        services.AddSingleton<IClaimsTransformation, AzureAdScopeClaimTransformation>();
    }

    /// <summary>Builds the HTTP request pipeline.</summary>
    /// <param name="app">Pipeline builder.</param>
    /// <param name="env">Hosting environment, used to gate the developer exception page.</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Detailed exception pages are enabled for the Development environment only.
        bool isDevelopment = env.IsDevelopment();
        if (isDevelopment)
        {
            app.UseDeveloperExceptionPage();
        }

        // Authentication must be registered before MVC (or anything else that requires
        // an authenticated user), otherwise the principal is not populated in time.
        app.UseAuthentication();
        app.UseMvc();
    }
}
【问题讨论】:
标签: .net azure asp.net-web-api azure-active-directory azureportal