如何从Cordova Azure Authenticated应用程序查询Azure Web API [英] How do I query Azure Web API from Cordova Azure Authenticated app
问题描述
我为ios/android构建了VS2015 Cordova应用.该应用程序使用遵循
I built an VS2015 Cordova App for ios/android. The app uses an Azure mobile service tied to Azure Active Directory following this Microsoft Azure tutorial. This works well. When I try to do a directory search, I am prompted by Azure to authenticate using my tenant credentials.
下一步:
- 我创建了一个Azure Web API,该API在Azure SQL数据库上执行一些C.R.U.D.该API可以正常工作,我可以通过导航到 https:// [MyUniqueApi] .azurewebsites.net/api/values 从中获取数据(但不安全). >
-
然后我使用下面的屏幕快照在Azure中启用了Web API的身份验证. 启用后,我现在收到一个Microsoft登录页面,要求我对Web API进行身份验证,这很棒,而且可以预期会发生什么.
- I created an Azure Web API which does some C.R.U.D on an Azure SQL database. The API works fine and I get data from it (while unsecured) by navigating to https://[MyUniqueApi].azurewebsites.net/api/values.
I then enabled authentication for the Web API in Azure with the screenshot below. Once enabled, I now receive a Microsoft login page asking me to authenticate to the Web API, which is great and what I expect to happen.
现在,我希望我的Cordova应用无缝地(被动地)对Azure Active Directory进行身份验证(已经发生),并允许我访问Web API并返回数据.经典中的href ="https://azure.microsoft.com/zh-cn/documentation/articles/active-directory-integrating-applications/#BKMK_Exposed" rel ="nofollow noreferrer"> Microsoft Azure教程在Azure管理门户中,我将Cordova Native客户端应用程序配置为具有对我的Web API的权限. 同样在本教程之后,我更新了Web API清单,以将 oauth2AllowImplicitFlow 设置为 true ,并为Web API创建了密钥.
Now I would like my Cordova app to seamlessly (passive) authenticate to Azure Active Directory (already happening) and give me access to my Web API and return data. Following this Microsoft Azure tutorial, in the Classic Azure Management Portal, I configured the Cordova Native client application to have permissions to my Web API. Also following the tutorial, I updated the Web API manifest to set oauth2AllowImplicitFlow to true and created a key for the Web API.
一旦用户使用ADAL Cordova库进行了身份验证(工作正常,并且我收到了令牌),我想对我的Web API执行GET请求并返回数据.
Once the user has authenticated using the ADAL Cordova library (working just fine and I receive a token back), I would like to execute a GET request to my Web API and return data.
这是我遇到的麻烦,并且不确定如何构造对API的请求,因此它会传递令牌/凭证以从API返回数据,而无需进一步登录.成功验证到Azure Active Directory之后,这里是以下内容:
This is where I'm having trouble and not sure how to construct the request to the API so it passes along a token/credentials to return the data from the API without requiring further login. Here is what I have after I authenticate to Azure Active Directory successfully:
我尝试将ADAL返回的承载令牌传递给jQuery GET请求的标头,但这不起作用. jQuery done回调中的 data 变量(来自上面的屏幕截图)在返回时包含HTML.在检查HTML时,它是Microsoft Azure登录页面,这意味着我没有被动身份验证流.
I tried passing the bearer token returned by ADAL to the header of the jQuery GET request but that doesn't work. The data variable in the jQuery done callback (from the screenshot above) contains HTML when it's returned. When examining the HTML, it's the Microsoft Azure login page which means I'm not getting the passive authentication flow.
任何帮助将不胜感激!我假设我没有正确构建jQuery,或者没有正确传递令牌或证书,但找不到如何完成的示例.这与JavaScript.我认为我的Azure设置很好,但可以添加示例以帮助诊断问题.
Any help would be much appreciated! I'm assuming I'm not constructing the jQuery correctly, or not passing along a token or cred's correctly but can't find an example of how to accomplish this with javascript. I think my Azure setup is good, but can add examples of any further information needed to help diagnose the problem.
@vibronet 我非常希望您能回答我的问题.谢谢你这样做!我确实遵循了您指出的科尔多瓦样本.这是我起点的基础.根据您的建议,我更改了Azure Web API清单,并将隐式流重新设置为false(最初将其设置为true).如何使用/共享相同的accessToken查询图形API和Web API?在index.js文件中(来自github示例),app.requestData函数使用authResult中的accessToken.此authResult来自获取资源" https://graph.windows.net "的令牌.我现在想使用相同的accessToken从我的Web API获取数据,该Web API位于" https://mywebapi.azurewebsites.净".但是,我无法做到这一点,并且无法在xhr响应中接收HTML.
@vibronet I was very much hoping you would post an answer to my question. Thank you for doing so! I did follow the cordova sample you pointed out. It was the basis of my starting point. Per your suggestion, I altered my Azure Web API manifest and set the implicit flow back to false which I had initially set to true. How do I query the graph api and my web api using/sharing the same accessToken? In the index.js file (from the github example), the app.requestData function uses the accessToken from the authResult. This authResult was from getting a token for resource "https://graph.windows.net". I would now like to use this same accessToken to get data from my Web API which is at "https://mywebapi.azurewebsites.net". I'm unable to do that though and receive HTML in xhr response.
我在 Google文档中有示例.这将起作用并从图形api获取数据,但不会从 webApiResourceUri 处的资源获取数据.如果我分别验证Web API和图形API 并获得单独的accessToken,它可以工作,但会显示两个登录屏幕.这就是为什么jsFiddle在两个不同的函数中具有authenticateGraphApi和authenticateWebApi的原因,因为我不知道如何组合和使用相同的令牌.
I have the example here in google docs. This will work and get me data from the graph api, but will not get data from the resource at webApiResourceUri. If I authenticate the Web API and graph API separately and get separate accessTokens, it works but will put up two login screens. That's why the jsFiddle has authenticateGraphApi and authenticateWebApi in two different functions because I don't understand how to combine and use the same token.
在此先感谢您的帮助!
Thanks in advance for your help!
推荐答案
Arthur,您不需要隐式流,也不需要键来调用Web API.请在此处,尤其是 href ="https://github.com/Azure-Samples/active-directory-cordova-multitarget/blob/master/DirSearchClient/js/index.js" rel ="nofollow"> https://github.com/Azure -样本/活动目录-cordova-multitarget/blob/master/DirSearchClient/js/index.js
Arthur, you don't need the implicit flow nor a key to invoke your web API. Please refer to the Azure AD cordova sample here, and specifically to https://github.com/Azure-Samples/active-directory-cordova-multitarget/blob/master/DirSearchClient/js/index.js
更新以解决问题的第二部分:您永远不会使用相同的访问令牌来访问两个不同的资源.获得第一个访问令牌后,ADAL还获得了刷新令牌-可用于静默获取您已声明为必需资源的其他资源的新访问令牌.您可以通过调用AcquireTokenSilent
Update to address the 2nd part of the question: you never use the same access token for accessing two different resources. Once you obtained the first access token, ADAL also obtained a refresh token - which can be used to silently obtain new access tokens for the other resources that you app declared as required resources. You can avoid the 2nd login screen by invoking AcquireTokenSilent
这篇关于如何从Cordova Azure Authenticated应用程序查询Azure Web API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
