如何在没有ADAL的情况下登录到Azure托管和受Active Directory保护的API应用? [英] Howto login to Azure hosted and Active Directory protected API App without ADAL?

问题描述

我试图登录到托管在Azure中并受Activty Directory保护的Java API后端应用.

I am trying to login to my Java API backend app hosted in Azure and protected with Activty Directory.

在这篇文章中我已阅读此电话以接收令牌:

In this article I read to make this call for receiving the token:

获取

GET https://login.windows.net/developertenant.onmicrosoft.com/oauth2/authorize?response_type=id_token&client_id=aeadda0b-4350-4668-a457-359c60427122&redirect_uri=https%3A%2F%2Flocalhost%3A44326%2F&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b&nonce=8b8385b9-26d3-42a1-a506-a8162bc8dc63 HTTP/1.1

但是如何找出为我自己的API后端应用设置的哪个状态和哪个 nonce ?

But how to find out which state and which nonce to set for my own API backend app?

仅使用上面示例中的状态和随机数，就会导致我得到一个名为flowToken的响应.这是我必须发送的令牌类型，也如上述文章中所述吗?参见此部分:

Just using the state and nonce from above example leads me to a response with a so called flowToken. Is this the type of token I have to send as also stated in the referred article? See this part:

位置:

Location: https://localhost:44326/#id_token=eyJ0eXAiOiJKV1QiLC[SNIP]gu1OnSTN2Q2NVu3ug&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b&session_state=e4ec5227-3676-40bf-bdfe-454de9a2fdb2

我只是想拥有一个前端应用程序来自动安全地连接到后端应用程序，而无需输入用户凭据.

I just would like to have a frontend app to securely connect to the backend app automatically without typing in user credentials.

请不要告诉我使用ADAL.因为那是我已经尝试过的，但是没用的.如您所见，此处.

Please do NOT tell me to use ADAL. Because that's what I already tried and what did not work. As you can see here.

推荐答案

由于授权宏流包含多个URL重定向，因此很难在SPA上实现.您需要实现客户端自己在Azure Active Directory(AD)中的OAuth2隐式授予流由您自己完成，这也是JS的ADAL.您可以参考

As the authorization grand flow contains several url redirects, which is difficult to implement on SPA. You need to implement OAuth2 implicit grant flow in Azure Active Directory (AD) on client side by your own, which is also ADAL for JS done. You can refer to https://docs.microsoft.com/en-us/azure/active-directory/active-directory-authentication-scenarios#single-page-application-spa for more info about the work flow.

在SPA中通过AAD的最简单方法是对JS使用ADAL.并根据您的问题访问Azure托管API应用的访问被拒绝根据CORS政策，您可以尝试设置保护您的后端服务器的AAD应用程序的配置. I.E.

And the easiest way to go through the AAD in SPA is to use ADAL for JS. And according to your question Access to azure hosted API App denied by CORS policy, you can try to set the configuration of the AAD application which is protecting your backend server. I.E.

尝试使用theEndpoints变量中的客户端ID设置为adalAuthenticationServiceProvider.init函数.在我的测试项目中效果很好.

Try to use the client id in theEndpoints variable to set into the adalAuthenticationServiceProvider.init function. It works fine on my test project.

任何进一步的担忧，请随时让我知道.

Any further concern, please feel free to let me know.

这篇关于如何在没有ADAL的情况下登录到Azure托管和受Active Directory保护的API应用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！