Use MSAL Auth token to consume Web API 2

Problem description

I have an ASP.Net Web API 2 on which I implemented the following security: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapi-dotnet

It worked, I can't access the controllers except if I remove the [Authorize] attribute.

Now, I have a logged in user in a Xamarin app. The user is logged in via MSAL authentication which works fine too. Very basic implementation:

var authenticationResult = await App.IdentityClientApp.AcquireTokenSilentAsync(App.ClientScope);
var token = authenticationResult.Token;

Now, I want to access the web API by giving the MSAL authentication token in the DefaultRequestHeaders with something like this:

this.httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

Is there any way this is possible? How can I use this token to make my user consume my web API?

Thanks!

Recommended answer

The tutorial "Help protect a web API by using bearer tokens from Azure AD" you mentioned targets AD v1.0, and you need to register your apps on the Azure Portal. MSAL, by contrast, targets AD v2.0: you need to register your app at apps.dev.microsoft.com, and you need to use the middleware in your Web API 2 as follows:

var tvps = new TokenValidationParameters
{
    ValidAudience = clientId,
    ValidateIssuer = false,
};

app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
    AccessTokenFormat = new Microsoft.Owin.Security.Jwt.JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider("https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"))
});

For more details, you could refer to active-directory-v2-devquickstarts-dotnet-api.

Additionally, you could refer to AppModelv2-WebAPI-DotNet for code samples about the web api backend and the mobile client via MSAL accessing the web api backend.

UPDATE:

Follow How to register an app with the v2.0 endpoint for registering my app for v2.0 as follows:

Copy the Application Id from the above screenshot and update it to TodoListClient and TodoListService project as follows:

Launch TodoListService first, then you could debug TodoListService as follows:

Also, you could copy the token and leverage Postman to simulate the request as follows:
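
The middleware configuration in the answer sets `ValidateIssuer = false`, so any token signed by the common v2.0 endpoint with a matching audience is accepted, whichever tenant issued it. The following is an added example, not part of the original answer or of the Microsoft sample, showing one way to restrict accepted issuers to an allowlist of tenants. Assumptions: the class and method names are hypothetical, the tenant GUID is a constructed placeholder, the issuer format is that of the public cloud, and the namespace of `TokenValidationParameters` depends on the installed JWT package version.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens; // Microsoft.IdentityModel.Tokens on newer package versions

// Added example (hypothetical helper, not from the original answer).
public static class TenantAllowList
{
    // Constructed placeholder: replace with the tenant IDs (tid) you trust.
    private static readonly HashSet<Guid> AllowedTenants = new HashSet<Guid>
    {
        Guid.Parse("00000000-0000-0000-0000-000000000001"),
    };

    // v2.0 issuers have the form https://login.microsoftonline.com/{tenant id}/v2.0
    private const string Prefix = "https://login.microsoftonline.com/";
    private const string Suffix = "/v2.0";

    // Returns the issuer when it is a v2.0 issuer of an allowed tenant; throws otherwise.
    public static string ValidateIssuer(string issuer)
    {
        if (issuer != null
            && issuer.StartsWith(Prefix, StringComparison.Ordinal)
            && issuer.EndsWith(Suffix, StringComparison.Ordinal)
            && issuer.Length > Prefix.Length + Suffix.Length)
        {
            string tenant = issuer.Substring(
                Prefix.Length, issuer.Length - Prefix.Length - Suffix.Length);
            Guid tid;
            if (Guid.TryParseExact(tenant, "D", out tid) && AllowedTenants.Contains(tid))
            {
                return issuer;
            }
        }
        throw new SecurityTokenValidationException(
            "Issuer is not an allowed v2.0 tenant: " + issuer);
    }

    // Same audience check as in the answer, with issuer validation switched on.
    public static TokenValidationParameters Build(string clientId)
    {
        return new TokenValidationParameters
        {
            ValidAudience = clientId,
            ValidateIssuer = true,
            IssuerValidator = (issuer, token, parameters) => ValidateIssuer(issuer),
        };
    }
}
```

Passing `TenantAllowList.Build(clientId)` in place of `tvps` keeps the rest of the `UseOAuthBearerAuthentication` call from the answer unchanged.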
