Azure active directory - Allow token audiences


Problem description

I am trying to find documentation on "ALLOWED TOKEN AUDIENCES" in Azure, but there does not appear to be any. The value that I have placed in there was the resourceid that was returned with the token.

What does this mean? Any link to documentation will be much appreciated.

PS. The learning link on the actual page mentions nothing about this, and the screenshots appear to be older and do not have this field.

Thanks in advance

Recommended answer

I've been stumbling around the documentation, too. Here's what I've gotten to work with an Angular Front-end app that consumes a back-end API app.

In the front-end app, the user clicks a link and authenticates with Azure Directory. The token is kept in session in the browser.

Next, the user wants to interact with the API app.
Here's how:

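  • Go to the API App's App Service in Azure.
  • Navigate to Authentication / Authorization.
  • Turn on "App Service Authentication".
  • Under Authentication Providers, choose "Azure Active Directory".
  • Choose the "Advanced" button.
  • In the "Client ID" field, insert the "Application ID" from the API App's Azure Active Directory App Registration. You should have already registered the API App in Azure Active Directory.
  • In the "Allowed Token Audiences" field, insert the "Application ID" from the front-end app's Azure Active Directory App Registration. You should have already registered the front-end app in Azure Active Directory.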

Security is so important. It blows my mind how confusing the documentation is around this stuff. Owin/Katana looks like it's on the way out. Based on this configuration, you won't need any of it. The other sign that Owin is a goner is the massive breaking change related to Microsoft/System IdentityModel that seems impossible to build, discern, fix, yada yada. I wish Microsoft would create an "endpoint" that would show what's out and what's in, and how to do this particular step. If you can get your apps to do this, it's real clean.
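The audience check that the "Client ID" and "Allowed Token Audiences" fields feed can be reproduced locally to see why a token would be rejected. This is an added example, not part of the original answer: it assumes the API accepts a token when its `aud` claim exactly equals the Client ID or one of the Allowed Token Audiences entries. The function names and the GUIDs are constructed placeholders.

```javascript
// Added example: diagnostic only. It decodes the token payload WITHOUT verifying
// the signature, so it must never be used to make an authorization decision.

// Decode one base64url JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the token's audiences as an array ("aud" may be a string or an array).
function tokenAudiences(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  const { aud } = decodeSegment(parts[1]);
  if (aud === undefined) return [];
  return Array.isArray(aud) ? aud : [aud];
}

// Assumption: the accepted set is the API app's Client ID plus every entry in
// "Allowed Token Audiences", compared by exact string match.
function checkAudience(jwt, clientId, allowedTokenAudiences) {
  const accepted = new Set([clientId, ...allowedTokenAudiences]);
  const audiences = tokenAudiences(jwt);
  const matched = audiences.filter((a) => accepted.has(a));
  return { audiences, matched, accepted: matched.length > 0 };
}

// Constructed sample values (placeholders, not real app registrations).
const API_APP_ID = '11111111-1111-1111-1111-111111111111';
const FRONTEND_APP_ID = '22222222-2222-2222-2222-222222222222';

// Build an unsigned, constructed token carrying the given "aud" claim.
function makeSampleToken(aud) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ aud, iss: 'constructed' })}.sig`;
}

// Token issued to the front-end app, presented to the API app.
const sample = makeSampleToken(FRONTEND_APP_ID);
console.log(checkAudience(sample, API_APP_ID, []));                // accepted: false
console.log(checkAudience(sample, API_APP_ID, [FRONTEND_APP_ID])); // accepted: true
```

Pasting a real token's `aud` value into the comparison shows which string has to appear in the "Allowed Token Audiences" field, including any trailing slash or URI scheme.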
