ADAL JS not attaching user token while invoking WebApi

Problem description

I am using ADAL JS for authenticating the users against Azure AD. And as I am new to ADAL JS, I started by reading the following articles, which I find very informative:

  • Introducing ADAL JS v1
  • ADAL JavaScript and AngularJS – Deep Dive

After reading the articles, I had the impression that ADAL JS intercepts the service calls and if the service url is registered as one of the endpoints in AuthenticationContext configuration, it attaches the JWT token as Authentication Bearer information.

However, I found the same is not happening in my case. And after some digging, it seemed to me that it is only possible if the adal-angular counterpart is also used, which I am not using currently, simply because my web application is not based on Angular.

Please let me know if my understanding is correct or not. If I need to add the bearer information explicitly, the same can be done, but I am more concerned whether I am missing some out-of-the-box facility or not.

Additional details: my current configuration is as follows:

private endpoints: any = {
    "https://myhost/api": "here_goes_client_id"
}
...
private config: any;
private authContext: any = undefined;
....
this.config = {
    tenant: "my_tenant.onmicrosoft.com",
    clientId: "client_id_of_app_in_tenant_ad",
    postLogoutRedirectUri: window.location.origin,
    cacheLocation: "sessionStorage",
    endpoints: this.endpoints
};
this.authContext = new (window["AuthenticationContext"])(this.config);

Also on server-side (WebApi), Authentication configuration (Startup.Auth) is as follows:

public void ConfigureOAuth(IAppBuilder app, HttpConfiguration httpConfig)
{
    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            Tenant = "my_tenant.onmicrosoft.com",
            TokenValidationParameters = new TokenValidationParameters
            {
                ValidAudience = "client_id_of_app_in_tenant_ad"
            }
         });
}

However, the Authorization is always null in request.Headers.

UPDATE: It seems that the same applies for auto-renewal of tokens as well; when used in conjunction with adal-angular, the renewal of token works seamlessly by calling AuthenticationContext.acquireToken(resource, callback) under the hood. Please correct me if I am wrong.

Recommended answer


After reading the articles, I had the impression that ADAL JS intercepts the service calls and if the service url is registered as one of the endpoints in AuthenticationContext configuration, it attaches the JWT token as Authentication Bearer information.

This will work only if your application is angular based. As you mentioned, the logic for this lives in adal-angular.

If, however, you want to stick to pure JS, you will not get the automatic "get-access-token-and-attach-it-to-header" support. You can use acquireToken(resource, callback) api to get a token for the endpoint. But you will have to do some work in the controller that is sending the request to the api.

This might give you some idea: https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi/blob/master/TodoSPA/App/Scripts/Ctrls/todoListCtrl.js. This sample does not use angular.
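
The manual flow the answer describes, as an added example that is not part of the original answer, the linked sample or ADAL JS itself. The names resourceFor and callApi and the send parameter are hypothetical, and the callback is assumed to receive the error first and the token second. The endpoints map has the same shape as in the question.

```javascript
// Added example: resourceFor, callApi and `send` are hypothetical names.
// `endpoints` maps a URL prefix to a resource (client id), as in the question.

// Return the resource registered for `url`, or null when the URL is not a
// registered endpoint. Matching is on origin plus path prefix, so a token is
// never attached to a look-alike host or to a sibling path such as /apiary.
function resourceFor(endpoints, url) {
  const target = new URL(url);
  for (const [prefix, resource] of Object.entries(endpoints)) {
    const ep = new URL(prefix);
    const base = ep.pathname.replace(/\/$/, "");
    const pathOk =
      target.pathname === base || target.pathname.startsWith(base + "/");
    if (target.origin === ep.origin && pathOk) return resource;
  }
  return null;
}

// Acquire a token for the endpoint and hand it to `send` as a bearer header.
// `authContext` is the AuthenticationContext instance from the question;
// `send(url, options)` is whatever performs the request (fetch, an XHR wrapper).
function callApi(authContext, endpoints, url, options, send) {
  return new Promise((resolve, reject) => {
    const resource = resourceFor(endpoints, url);
    if (resource === null) {
      // Not a registered endpoint: send the request without a token.
      return resolve(send(url, options || {}));
    }
    // acquireToken is the call the answer points to; the question notes it
    // is also what renews tokens.
    authContext.acquireToken(resource, (error, token) => {
      if (error || !token) {
        return reject(new Error(error || "no token returned"));
      }
      const headers = Object.assign({}, (options || {}).headers, {
        Authorization: "Bearer " + token,
      });
      resolve(send(url, Object.assign({}, options, { headers })));
    });
  });
}
```

On the WebApi side, the Authorization header then carries a token whose audience is the resource passed to acquireToken, which is what ValidAudience in Startup.Auth is compared against.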
