在AAD受保护的Azure Web App中检索访问令牌 [英] Retrieve Access Token within a AAD secured Azure Web App

问题描述

我在Azure Web应用程序中托管了Angular4应用程序，在Azure API应用程序中托管了.NET核心Web API.

I have an Angular4 Application hosted in an Azure Web App and a .NET core Web API hosted in an Azure API App.

API已通过Azure Active Directory保护.目前，我使用ng2-adal来获取访问令牌，然后将其注入到标头中以执行API调用.

The API is secured with Azure Active Directory. Currently I use ng2-adal to aquire an access token which I inject to the headers to perform my API calls.

现在，我尝试删除ng2-adal模块，并使用 same ClientId(例如API)使用身份验证/授权功能保护我的Web应用程序.当我浏览到我的网站时，我将重定向到AAD登录名，而在成功登录后，我将被重定向到我的站点.现在，我不想在Web应用程序中调用API(由相同的ClientId进行保护)，但是找不到找到令牌的方法.

Now I try to remove the ng2-adal module and secure my Web App with the Authentication / Authorization feature using the same ClientId (like the API). When I browse to my website I get redirected to the AAD login and after I successfully login, I get redirected to my site. Now I wan't to call the API (that is secured with the same ClientId) within my Web App but can't find a way to retrieve the token.

在这种情况下，是否可以在我的Angular应用中获取访问令牌? 令牌似乎已加密存储在AppServiceAuthSession Cookie中:

Is there a way to retrieve the access token within my Angular App in this scenario? It looks like the token is stored encrypted within the AppServiceAuthSession Cookie:

推荐答案

AppServiceAuthSession是cookie，它不同于令牌.在这种情况下，您需要修改Azure应用程序的配置，以使其获取Web API的access_token.

The AppServiceAuthSession is cookie which is different than a token. In this scenario, you need to modify the config of Azure app to make it acquire the access_token for the web API.

我们可以使用资源浏览来修改如下设置:

We can use the Resource Explore to modify the settings like below:

1.找到有角度的网络应用程序

1 . locate the angular web app

2.找到config-> authsettings(资源是用于保护您的应用程序的Azure应用程序的clientId)

2 . locate the config->authsettings(resource is the clientId of Azure app which used to protect your apps)

"additionalLoginParams": [
  "response_type=code id_token",
  "resource=3fa9607b-63cc-4050-82b7-91e44ff1df38"
],

3.如下配置Azure应用程序的redirect_uri: https://appfei.azurewebsites.net/.auth/login/aad/callback

3. config the redirect_uri for Azure app like below: https://appfei.azurewebsites.net/.auth/login/aad/callback

然后，在登录角度应用程序后，您可以通过端点获取 access_token : https://appfei.azurewebsites.net/.auth/me

Then after you login in the angular app, you can get the access_token via the endpoint: https://appfei.azurewebsites.net/.auth/me

然后，我们需要使用如下图所示的高级Azure Active Settings 保护Web API，以使access_token可以调用Web API:

Then we need to protect the web API using the Advanced Azure Active Settings like figure below to enable the access_token could call the web API:

这篇关于在AAD受保护的Azure Web App中检索访问令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！