使用Azure AD保护Azure功能-从本机应用程序调用时获取HTTP 401 [英] Azure Functions secured with Azure AD - Getting HTTP 401 when calling from native app
问题描述
我的目标是使用Azure AD保护我的Azure功能,并从WPF应用程序中调用它们.
My goal is to secure my Azure Functions with Azure AD and call them from a WPF application.
我有一个具有以下定义的Azure函数:
I have an Azure Function with the following definition :
public IActionResult Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)]
HttpRequest req,
ILogger log,
ExecutionContext context,
ClaimsPrincipal claimsPrincipal)
我注册了Azure AD应用并配置了本机应用身份验证的设置:
I registered an Azure AD App and configured the settings for Native App Authentication :
我在公开API" bladd中配置了我的应用
I configured my app in the "Expose an API" bladd
我还添加了API权限
我将我的应用程序与身份验证/授权刀片中的Azure Functions应用程序关联.
I associated my app in my Azure Functions App in the Authentication / Authorization blade.
我正在WPF应用程序中从Azure AD这样获得令牌(使用Microsoft.Identity.Client库)
I am getting a token from Azure AD like this in a WPF app (using the Microsoft.Identity.Client library)
string applicationID = "***"; // My AppID Guid
PublicClientApp = PublicClientApplicationBuilder.Create(applicationID)
.WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
.Build();
var listScopes = new List<string>
{
//"user.read" - Removed based on @tony-yu recommendation
$"api://{applicationID}/MyScope"
};
var authResult = await PublicClientApp.AcquireTokenInteractive(listScopes)
.ExecuteAsync();
var myToken = authResult.AccessToken;
我可以毫无问题地进行身份验证,并且可以成功获取令牌,但是每当我调用函数并在Authorization标头中提供令牌(Authorization = Bearer ****)时,我都会得到:
I can authenticate without any problem and I am successfully getting a token but whenever I call my function and I provide my token in the Authorization header (Authorization = Bearer ****), I get :
401-您无权查看此目录或页面.
这就是我所说的(邮递员):
Here's how I call it (Postman) :
这是电话返回时的WWW-Authenticate标头内容
Here is the WWW-Authenticate header content when the call returns
当我检查我获得的令牌时,似乎是合法的
When I check the token I got, it seems legit
知道我做错了什么吗?
推荐答案
因此,由于这篇 SO文章,我终于使它能够正常工作了通过 ambrose-leung
So I finally made it work thanks to this SO article here by ambrose-leung
这篇关于使用Azure AD保护Azure功能-从本机应用程序调用时获取HTTP 401的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!