在AAD受保护的Azure Web App中检索访问令牌 [英] Retrieve Access Token within a AAD secured Azure Web App
问题描述
我在Azure Web应用程序中托管了Angular4应用程序,在Azure API应用程序中托管了.NET核心Web API.
I have an Angular4 Application hosted in an Azure Web App and a .NET core Web API hosted in an Azure API App.
API已通过Azure Active Directory保护.目前,我使用ng2-adal来获取访问令牌,然后将其注入到标头中以执行API调用.
The API is secured with Azure Active Directory. Currently I use ng2-adal to aquire an access token which I inject to the headers to perform my API calls.
现在,我尝试删除ng2-adal模块,并使用 same ClientId(例如API)使用身份验证/授权功能保护我的Web应用程序.当我浏览到我的网站时,我将重定向到AAD登录名,而在成功登录后,我将被重定向到我的站点.现在,我不想在Web应用程序中调用API(由相同的ClientId进行保护),但是找不到找到令牌的方法.
Now I try to remove the ng2-adal module and secure my Web App with the Authentication / Authorization feature using the same ClientId (like the API). When I browse to my website I get redirected to the AAD login and after I successfully login, I get redirected to my site. Now I wan't to call the API (that is secured with the same ClientId) within my Web App but can't find a way to retrieve the token.
在这种情况下,是否可以在我的Angular应用中获取访问令牌? 令牌似乎已加密存储在AppServiceAuthSession Cookie中:
Is there a way to retrieve the access token within my Angular App in this scenario? It looks like the token is stored encrypted within the AppServiceAuthSession Cookie:
推荐答案
AppServiceAuthSession
是cookie,它不同于令牌.在这种情况下,您需要修改Azure应用程序的配置,以使其获取Web API的access_token.
The AppServiceAuthSession
is cookie which is different than a token. In this scenario, you need to modify the config of Azure app to make it acquire the access_token for the web API.
我们可以使用资源浏览来修改如下设置:
We can use the Resource Explore to modify the settings like below:
1.找到有角度的网络应用程序
1 . locate the angular web app
2.找到config-> authsettings(资源是用于保护您的应用程序的Azure应用程序的clientId)
2 . locate the config->authsettings(resource is the clientId of Azure app which used to protect your apps)
"additionalLoginParams": [
"response_type=code id_token",
"resource=3fa9607b-63cc-4050-82b7-91e44ff1df38"
],
3.如下配置Azure应用程序的redirect_uri:
https://appfei.azurewebsites.net/.auth/login/aad/callback
3. config the redirect_uri for Azure app like below:
https://appfei.azurewebsites.net/.auth/login/aad/callback
然后,在登录角度应用程序后,您可以通过端点获取 access_token :
https://appfei.azurewebsites.net/.auth/me
Then after you login in the angular app, you can get the access_token via the endpoint:
https://appfei.azurewebsites.net/.auth/me
然后,我们需要使用如下图所示的高级Azure Active Settings 保护Web API,以使access_token可以调用Web API:
Then we need to protect the web API using the Advanced Azure Active Settings like figure below to enable the access_token could call the web API:
这篇关于在AAD受保护的Azure Web App中检索访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!