如何结合 AD B2C(MSAL) 和 CosmosDB [英] How to combine AD B2C(MSAL) and CosmosDB
问题描述
我在我的 Xamarin 表单应用程序中使用 appcenter Auth 和 Data,但微软正在关闭这些服务,所以我现在需要自己做.这两个 Atm 允许我使用 ADB2C 验证我的用户,然后授予他们访问 Cosmos 数据库中自己的和共享的内容.
I'm using appcenter Auth and Data in my Xamarin forms Application, but microsoft are shutting down these services so i now need to do it myself. Atm these two allowed me to verify my users with ADB2C and then grant them to access there own and shared content in the Cosmos Database.
我有什么自动取款机:我可以通过 MSAL 登录到我的 AD B2C.我可以使用 Microsoft.Azure.DocumentDB.Core 访问我的数据库.
What i have atm: I can log in via MSAL to my AD B2C. I can access my DB with Microsoft.Azure.DocumentDB.Core.
我需要的是:我需要能够生成资源令牌并配置数据库,以便只有用户可以访问他们的文档.(仅发现过时且描述不佳的教程)
What i need is: I need to be able to generate Ressource Token and configure the Database so only the User can access their documents.(Only found outdated and poorly described Tutorials)
或者作为替代方案:如何创建只有通过 msal 登录的用户才能调用的 Azure 函数?然后我需要 Azure 函数中的用户 ID 来检查数据库.(所有教程都处理 api 调用上的用户验证,从应用程序调用时这是不可能的)
Or as an alternative: How is it possible to create Azure functions that only User which are logged in via msal can call? And then i would need the user id in the Azure function to check against the db.(All the Tutorials handle the user verification on the api call, this is not possible when calling from application)
推荐答案
您不能使用 AAD B2C 颁发的用户令牌来访问 Cosmos DB 资源.
You cannot use the AAD B2C issued user token to access Cosmos DB resource.
试试这个链接 - 您需要将 B2C 令牌传递给受 AAD B2C 保护的 API,然后使用 client_credentials(AAD 服务帐户)代表用户进行 API 调用.
https://codemilltech.com/adding-azure-ad-b2c-authentication-to-azure-functions/
Try this link - you will need to pass the B2C token to a AAD B2C protected API which then makes the API call on behalf of the user using client_credentials (AAD service account).
https://codemilltech.com/adding-azure-ad-b2c-authentication-to-azure-functions/
这篇关于如何结合 AD B2C(MSAL) 和 CosmosDB的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
