Azure AD API请求401未经授权 [英] Azure AD API request 401 Unauthorized

查看:273
本文介绍了Azure AD API请求401未经授权的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我在启用了Azure AD身份验证的Azure网站上运行标准Web API,当在浏览器中浏览该API时,我能够通过浏览器登录并获得对该API的访问权限.

I have a standard Web API running on an Azure website with Azure AD authentication enabled, when browsing to the API in a browser I am able to login via the browser and gain access to the API.

但是,WPF桌面应用程序在提交请求时收到未授权响应:

The WPF desktop application however is receiving an Unauthorized response when submitting the request:

var authContext = new AuthenticationContext(authority, new FileCache());
var accessToken = await authContext.AcquireTokenAsync(apiResourceid, clientId, redirectUri,
                    new PlatformParameters(PromptBehavior.Auto));
// accessToken is valid

var apiUrl = "https://example.azurewebsites.net/api/list";
var request = new HttpRequestMessage(HttpMethod.Get, apiUrl);
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken.AccessToken);
var response = await httpClient.SendAsync(request);

身份验证成功,调试时可以看到用户信息.

The authentication is successfull and I can see the User info when debugging.

我没有访问Azure帐户的权限,但是我确信Service AD应用程序已正确配置为允许访问Client AD应用程序,因为在备用帐户(未正确配置)上进行测试时,AuthenticationContext.AcquireTokenAsync方法失败.

I do not have access to the Azure account but am confident the Service AD application is configured correctly to allow access to the Client AD application as when testing on an alternate account (not configured correctly) the AuthenticationContext.AcquireTokenAsync method was failing.

我确实注意到AuthenticationResult.ExpiresOn一直是过去的,但是没有办法延长它,这应该是将来的日期吗?-(时间当然是UTC)

I did notice that the AuthenticationResult.ExpiresOn is always in the past but see no way of extending it, should this be a future date? - (Time is of course UTC)

请求:

GET https://example.azure
websites.net/api/categorisation HTTP/1.1
Authorization: Bearer eyJ0eXAiO...
Host: example.azurewebsites.net

响应:

HTTP/1.1 401 Unauthorized
Content-Length: 58
Content-Type: text/html
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer realm="example.azurewebsites.net"
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=e35f2977dba55e6708887e762940f75c2a0fcb0a9df4e1cbe0d3f10a614c59b8;Path=/;Domain=example.azurewebsites.net
Date: Fri, 08 Jul 2016 07:51:13 GMT

You do not have permission to view this directory or page.

更新:

我已经在可以访问并且仍然收到未经授权的响应的Azure帐户中重新创建了环境(在浏览器中工作正常).

I have recreated the environment in an Azure account I have access to and still receive an Unauthorised response (works fine in a browser).

推荐答案

此问题似乎与Azure网站中的身份验证/授权"选项有关,启用后,Web Api将不接受使用身份验证标头的请求.禁用该选项并与Azure AD一起使用Owin库提供了所需的解决方案.

The issue appears to be with the "Authentication / Authorization" option in Azure Websites, when enabled the Web Api will not accept requests using the Authentication header. Disabling the option and using the Owin library alongside Azure AD has provided the solution required.

这篇关于Azure AD API请求401未经授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆