使用loginwithazureactivedirectory和expressmode的Azure活动目录 [英] Azure active directory using loginwithazureactivedirectory and expressmode
问题描述
我们希望在启用azureactive目录表示模式后使用azure活动目录进行功能应用程序身份验证.我们选择了loginwithazureactivedirectory选项.当我们通过邮递员点击功能时,它会在微软件的登录屏幕上提供html的登录信息.没有这些强大的功能,我们将无法访问功能应用程序uRL.
请找到以下屏幕供参考
对此可以提供任何帮助
为Web应用程序成功配置Azure AD之后,需要使用访问令牌来访问应用程序.我使用以下代码从使用clientID和clientSecret的AAD获取访问令牌:
方法:开机自检网址:https://login.microsoftonline.com/您的目录ID/oauth2/token标题:Content-Type:应用程序/x-www-form-urlencoded实体:grant_type + = client_credentials& resource + =您的功能url"& client_id +++++ =您注册ID的应用程序"& client_secret + =您创建的密钥" 请注意,根据Azure资源门户网站(然后,我可以直接使用访问令牌.我用邮递员测试.
在此处输入图片说明
请注意,如果您的天蓝色功能认证级别不是匿名,您需要添加功能键
we want to use azure active directory for function app authetication after enabling azureactive directory express mode.we have selected loginwithazureactivedirectory option. when we are hitting function through postman it is giving html of log in screen of micro soft. with out that sceen cant we access the fucntion app uRL.
Please find the below screen for your reference
Any help is appreciated on this
解决方案After you successfully configure Azure AD for your web app, you need to use the access token to access your application. I get an access token from AAD using clientID and clientSecret using the following code:
METHOD: POST Url : https://login.microsoftonline.com/your directory ID/oauth2/token HEADERS: Content-Type : application/x-www-form-urlencoded BODY: grant_type+=client_credentials&resource+="your Function url"&client_id+++++="the application that your register id"&client_secret+="the key you create"
Please note that according to the Azure Resources portal(https://resources.azure.com/), the default allowedAudiences is
"https://{functionAppName}.azurewebsites.net/.auth/login/aad/callback" So I add the https://{functionAppName}.azurewebsites.net/ as allowed aduiences
enter image description here Then I can use the access token directly. I test it with postman.
enter image description here
Please note that if your azure function authentication level is not anonymous, you need to add the function key
这篇关于使用loginwithazureactivedirectory和expressmode的Azure活动目录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
