How can I perform unattended oauth / openid authentication to WebAPI?


Problem description


Imagine a client and service application registered in Windows Azure.

The client is a console and runs unattended on-premise (e.g. performing tests overnight). The service is a WebAPI service protected by OAuth and normally accessed using OpenID Connect, hosted in Azure.

How can the client authenticate to the service WITHOUT any sort of user login interaction (i.e. the app authenticates itself to the service using ADAL .Net)?

I tried the ADAL .Net Daemon to WebAPI sample but it still pops up an authentication dialog...

Thanks!

[edit] Here's some code to show very roughly how I communicate from the client. All the app ids etc. are correct.

// Acquire a token for the service with the client's own credential (no user involved)
var authContext = new AuthenticationContext("https://login.windows.net/common");
var result = await authContext.AcquireTokenAsync(ServiceAppId, ClientCredential);
var client = new HttpClient
{
    BaseAddress = new Uri("https://localhost:44301/"),
};
// Send the access token as a Bearer token on every request
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue(
        AuthenticationHeaderScheme.Bearer,
        result.AccessToken);
var response = await client.GetAsync("api/something");
var jsonString = await response.Content.ReadAsStringAsync();

That just produces login page HTML...

I've also tried adding [HostAuthentication("OAuth2Bearer")] etc. to the service API controller and adding in OWIN startup logic but to no avail, e.g.:

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        TokenValidationParameters = new TokenValidationParameters
        {
            ValidAudience = myRealm,
        },

        Tenant = "mytenant.onmicrosoft.com",
        AuthenticationType = BearerAuthenticationType.OAuth2Bearer,
    });

Solution

EDIT: Re-reading the original post, I think I now understand what's going on. You mention that you have OpenID Connect on your app, and that when you hit the web API you get back HTML. I suspect the OpenID Connect middleware is being triggered when you hit the Web API, instead of the OAuth2 middleware. If that is the case, I recommend taking a look at http://www.cloudidentity.com/blog/2014/04/28/use-owin-azure-ad-to-secure-both-mvc-ux-and-web-api-in-the-same-project/ for instructions on how to have redirect-based middleware and OAuth2 protected resource middleware coexist on the same project.

Original answer: Have you tried https://github.com/AzureADSamples/NativeClient-Headless-DotNet? That should do what you are looking for. Sorry for terseness, on the phone :-) HTH V.
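
The coexistence setup the answer points to, sketched as an added example (not code from the original post or the linked blog): an OWIN Startup where OpenID Connect handles browser sign-in while Web API controllers accept only Bearer tokens, so an unattended client gets JSON or a 401 instead of login HTML. The client ID and audience are placeholders, and a Katana 3.x project with the Microsoft.Owin.Security.* and Microsoft.AspNet.WebApi.Owin packages is assumed.

```csharp
using System.IdentityModel.Tokens;   // Katana 3.x; Katana 4 uses Microsoft.IdentityModel.Tokens
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.ActiveDirectory;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Redirect-based sign-in for browser (MVC) requests.
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<service-app-client-id>",                            // placeholder
            Authority = "https://login.windows.net/mytenant.onmicrosoft.com"
        });

        // Token validation for API callers. The default AuthenticationType is "Bearer".
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = "mytenant.onmicrosoft.com",
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Reject tokens that were issued for a different resource.
                    ValidAudience = "<service-app-id-uri>"                   // placeholder
                }
            });

        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();

        // Ignore the cookie/OpenID Connect identity inside Web API and
        // authenticate controllers from the Bearer middleware only.
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter("Bearer"));

        // A 401 from an [Authorize] controller now issues a challenge addressed to
        // "Bearer", so the OpenID Connect middleware does not turn it into a login redirect.
        app.UseWebApi(config);
    }
}
```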
