有没有一种方法可以通过JWT和Azure AD令牌授权Net Core 3.0 API [英] Is there a way to Authorize Net Core 3.0 APIs with JWT and also Azure AD Tokens

问题描述

我正在创建一个包含身份验证(无身份)的Web服务，并且用JWT保护了APIS(当用户登录或通过电子邮件，密码，名称等进行注册时，将返回令牌).也有一个使用MSAL的Microsoft登录/注册，我还创建了一个Azure应用.如何使用Microsoft验证登录名以返回JWT，或者如何使用JWT和Azure AD来实现API授权.

I'm creating a web service that contains authentication (no identity), and I protected the APIS with JWT (the token is returned when the user logs in or registers by email, password, name, etc..) but I also have a microsoft login/register using MSAL, I also created an Azure App. How do I validate the login with microsoft to return the JWT or how could I implement the API authorization using both JWT and Azure AD.

推荐答案

您当前已注册Azure应用程序，可以将其设置为客户端应用程序，然后需要创建代表api的后端应用程序，然后让用户登录到您的客户端应用程序以完成授权并获取访问令牌，最后使用该访问令牌调用api应用程序.

You have currently registered an Azure application, you can set it as a client application, and then you need to create a back-end application representing the api, and then let the user log in to your client application to complete authorization and obtain an access token, and finally use the the access token calls the api application.

操作过程如下:

首先公开后端应用程序的api，然后添加客户端应用程序.

First expose the api of the back-end application and add the client application.

接下来，在"API权限"下，授予您的前端应用程序对您的后端api的访问权限:

Next,under 'API permissions', give your front-end application access to your backend api:

• 在"API权限"下，单击添加权限"，然后单击我的API"标签.
• 找到您的后端应用程序，然后选择适当的范围.
• 点击添加权限".
• 获得您的API的管理员同意.

接下来，您需要使用

Next, you need to use the auth code flow to obtain an access token,which requires you to log in to the user and obtain the authorization code, and then use the authorization code to redeem the access token.

解析令牌:

最后，您可以使用令牌来调用api.

Finally, you can use the token to call the api.

完整的 查看全文