Azure API身份验证 [英] Azure API Authentication

问题描述

我正在使用C#代码中的Azure API，并在以下库中使用了

I am using Azure API's in C# code and used below libraries:

using Microsoft.Rest; using Microsoft.Rest.Azure.Authentication;
using Microsoft.Azure.Management.DataLake.Store;
using Microsoft.Azure.Management.DataLake.StoreUploader;
using Microsoft.Azure.Management.DataLake.Analytics;
using Microsoft.Azure.Management.DataLake.Analytics.Models;
using Microsoft.WindowsAzure.Storage.Blob;

要创建与Azure的连接，请执行以下操作:

To create connection with Azure:

private static ServiceClientCredentials AuthenticateAzure(string domainName, string nativeClientAppCLIENTID)
{
    // User login via interactive popup
    SynchronizationContext.SetSynchronizationContext(new SynchronizationContext());
    // Use the client ID of an existing AAD "Native Client" application.
    var activeDirectoryClientSettings = ActiveDirectoryClientSettings.UsePromptOnly(nativeClientAppCLIENTID, new Uri("urn:ietf:wg:oauth:2.0:oob"));
    return UserTokenProvider.LoginWithPromptAsync(domainName, activeDirectoryClientSettings).Result;
}

在呼叫LoginWithPromptAsync时，我得到了弹出窗口，询问我的凭据.我不希望每次运行代码时都显示此弹出窗口.除了创建Azure应用之外，还有什么办法可以解决这个问题?

When calling LoginWithPromptAsync, I got the popup, which ask my credentials. I don't want this pop-up to appear every time I run the code. Is there any way to come up with this thing beside creating Azure app?

我有一个ApplicationId，TenantId，CertificateThumbprint和SubscriptionId(如下).我可以在没有提示的情况下使用这些字段进行身份验证以进行天蓝色吗?

I have an ApplicationId, TenantId, CertificateThumbprint, and SubscriptionId (below). Can I use these fields to authenticate to azure without prompt?

推荐答案

我们可以使用功能UserTokenProvider.LoginSilentAsync(nativeClientAppClientid, domainName, userName, password)获取我们的凭据，而不会弹出窗口.它对我来说很好用，以下是我的测试代码.如何注册WebApp，请参阅

We can use the function UserTokenProvider.LoginSilentAsync(nativeClientAppClientid, domainName, userName, password) to get our credentials without pop-up. It works fine for me, the following is my test code. How to registry WebApp please refer to the document.

    static void Main(string[] args)
    {
        var certificate = AuthenticateAzure("your domain name", "Ad App client ID", "username", "password");
    }

    /// <summary>
    ///  Log in to azure active directory in non-interactive mode using organizational
    //   id credentials and the default token cache. Default service settings (authority,
    //   audience) for logging in to azure resource manager are used.
    /// </summary>
    /// <param name="domainName"> The active directory domain or tenant id to authenticate with</param>
    /// <param name="nativeClientAppClientid">  The active directory client id for this application </param>
    /// <param name="userName"> The organizational account user name, given in the form of a user principal name  (e.g. user1@contoso.org).</param>
    /// <param name="password"> The organizational account password.</param>
    /// <returns>A ServiceClientCredentials object that can be used to authenticate http requests  using the given credentials.</returns>
    private static ServiceClientCredentials AuthenticateAzure(string domainName, string nativeClientAppClientid,string userName,string password)
    {
       return UserTokenProvider.LoginSilentAsync(nativeClientAppClientid, domainName, userName, password).Result;
    }

更新:

有关如何注册AD App以及为应用分配角色的更多详细步骤，请参考 Microsoft.IdentityModel.Clients.ActiveDirectory SDK来获取令牌用于api身份验证.

More details steps about how to registry AD App and assign role to application, please refer to document. After that we can get tenantId, appId, secretKey from the Azure Portal. Then we can use Microsoft.IdentityModel.Clients.ActiveDirectory SDK to get token for api authentication.

演示代码:

var subscriptionId = "Your subscrption";
var appId = "Registried Azure Application Id";
var secretKey = "Secret Key";
var tenantId = "tenant Id";
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
ClientCredential clientCredential = new ClientCredential(appId, secretKey );
var tokenResponse = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result;
var accessToken = tokenResponse.AccessToken;
using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken); 
    client.BaseAddress = new Uri("https://management.azure.com/");
    // Now we can party with our HttpClient!
}

这篇关于Azure API身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！