How to get access token in Azure for Network Rest API?


Problem description

The following are the points from the Azure Network API reference:

The following information is common to all tasks:

  1. Replace {api-version} with 2015-06-15.
  2. Replace {subscription-id} with your subscription identifier in the URI.
  3. Replace {resource-group-name} with the resource group. For more information, see Using Resource groups to manage your Azure resources.
  4. Set the Content-Type header to application/json.
  5. Set the Authorization header to a JSON Web Token that you obtain from Azure Active Directory.

I am confused about the 5th point. Can you please guide me on how to get an access token using Azure Active Directory?

Solution

Azure Active Directory is built upon the OAuth authentication protocols, as defined in RFC 6749, The OAuth 2.0 Authorization Framework.

The concept behind using tokens is that you can authenticate to a central authority and then have permissions granted to a separate system without needing to give that system your credentials.

from Service to Service Calls Using Client Credentials

In this case, if the server that was called in 3 was compromised, credentials would still be safe, and the attacker would only have access to resources until the token expired. Hence tokens are generally short-lived.

You can obtain a token by making a POST request to login.microsoftonline.com with the following content:

POST /contoso.com/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=625bc9f6-3bf6-4b6d-94ba-e97cf07a22de&client_secret=qkDwDJlDfig2IpeuUZYKH1Wb8q1V0ju6sILxQQqhJ+s=&resource=https%3A%2F%2Fservice.contoso.com%2F

Which will produce the following response:

{
  "access_token": "eyJhbGciOiJSUzI1NiIsIng1dCI6IjdkRC1{shorted}",
  "token_type": "Bearer",
  "expires_in": "3599",
  "expires_on": "1388452167",
  "resource": "https://service.contoso.com/"
}

From this you can take the access token and use it in your application.

This is the authentication flow for Azure and it is not possible to change it to simply use a pre-configured token. Even if you use a certificate you still obtain a token with it and use that to authorise against resources.
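
The token request and response above, as an added Python example (not part of the original answer): it builds the client-credentials POST with the secret properly form-encoded, checks the response before trusting it, and produces the headers from points 4 and 5 of the question. The function names, the placeholder identifiers and the sample response are constructed for illustration, and `https://management.azure.com/` as the resource value for the management REST API is an assumption not stated on the page.

```python
import json
import time
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"  # host named in the answer


def build_token_request(tenant, client_id, client_secret, resource):
    """Build (but do not send) the client-credentials POST from the answer."""
    # urlencode percent-encodes '+', '/' and '=' in the secret. Sent raw, a
    # '+' is decoded as a space by the server and the secret no longer matches.
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode("ascii")
    url = f"{AUTHORITY}/{urllib.parse.quote(tenant, safe='')}/oauth2/token"
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, expected_resource):
    """Validate the JSON token response; return (access_token, expires_on)."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    if doc.get("resource") != expected_resource:
        raise ValueError("token issued for a different resource")
    if not doc.get("access_token"):
        raise ValueError("no access_token in response")
    return doc["access_token"], int(doc["expires_on"])


def auth_headers(token, expires_on, now=None, skew=300):
    """Headers for the REST call; refuse tokens within `skew` s of expiry."""
    now = time.time() if now is None else now
    if now >= expires_on - skew:
        raise RuntimeError("token expired or about to expire; request a new one")
    return {"Authorization": "Bearer " + token,
            "Content-Type": "application/json"}


# Constructed sample response (made-up token, assumed resource value).
SAMPLE_RESPONSE = json.dumps({
    "access_token": "eyJ.constructed.token", "token_type": "Bearer",
    "expires_in": "3599", "expires_on": "1388452167",
    "resource": "https://management.azure.com/"})
```

Pass the request to `urllib.request.urlopen` to send it; keep the client secret and the returned token out of logs, since either one is sufficient to act as the application until it is rotated or expires.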
