获取链接到Azure AD承载令牌的用户名 [英] Get username linked to Azure AD bearer token
问题描述
我正在运行一个Cordova应用程序,该应用程序连接到Azure托管的Web API.我已经使用Azure AD承载身份验证保护了API的安全.当用户尝试呼叫终结点之一时,会将其转发到Azure AD登录页面,输入其凭据,然后为其提供令牌.令牌将添加到对API的所有后续请求中.我使用的是移动应用客户端SDK(cordova-plugin-ms-azure-mobile-apps).
I'm running a Cordova app which connects to a Web API hosted on Azure. I've got the API secured using Azure AD bearer authentication. When the user tries to call one of the endpoints, he's forwarded to the Azure AD sign-in page, enters his credentials and then is given the token. The token is added to all subsequent requests to the API. I'm using the mobile apps client SDK to do so (cordova-plugin-ms-azure-mobile-apps).
我现在想知道谁在服务器端调用API.我已经检查了Web API控制器的User属性.那里有一些信息,其中包括许多声明,但是没有什么类似于实际的用户名(只有sid).
I now would like to know who's calling the API, on the server side. I've inspected the User property of my Web API controller. There's some information there including a number of claims, but nothing which resembles the actual username (only a sid).
所以现在的问题是:
- 我可以以某种方式将信息添加到令牌中吗?由于该令牌来自Azure AD,所以我想这也是添加其他信息的地方,但是我不确定是否可行.
- 如果没有,我可以以某种方式使用sid将其转换为已登录的用户吗?
也许还有我没想到的其他选择.
And perhaps there's another options I didn't think of.
推荐答案
I found this: https://github.com/Azure/azure-mobile-apps-net-server/wiki/Understanding-User-Ids. It explains how the "stable_sid" property is a more stable identifier than the e-mail address of the user as you might have multiple authentication providers and a provider in turn might decide to change things on their side.
所以我得出的结论是,我将尝试重写某些东西以使用stable_sid标识符,而不是尝试查找电子邮件地址.
So I came to the conclusion that instead of trying to find the e-mail address, I'm going to rewrite some things to use the stable_sid identifier instead.
这篇关于获取链接到Azure AD承载令牌的用户名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
