Azure AD - HTTP/1.1 401 未经授权 - Windows 服务
Azure AD - HTTP/1.1 401 Unauthorized - Windows Service
Azure 身份验证有问题。调用 Azure 中托管的 WebAPI 时出现 401 未经授权。
基本情况如下:
遵循了本教程 - https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-daemon/
注册了 2 个应用程序:
- Windows 服务
- 网络API
Windows 服务调用 STS 并成功获取 JWT。然后它会尝试将该令牌传递给托管在 azurewebsites.net.
上的 WebAPI
这是我调用 STS 的代码(只是包装在 Auth Class 中):
public class AzureAuth
{
private AuthenticationContext authContext;
private ClientCredential clientCredential;
protected string AzureADInstanceName;
protected string AzureADTenancyName;
protected string AzureADApplicationClientId;
protected string AzureADApplicationSecret;
protected string AzureADApplicationAppId;
public AzureAuth(string azureADInstanceName, string azureADTenancyName, string azureADApplicationClientId, string azureADApplicationSecret, string azureADApplicationAppId)
{
this.AzureADInstanceName = azureADInstanceName;
this.AzureADTenancyName = azureADTenancyName;
this.AzureADApplicationClientId = azureADApplicationClientId;
this.AzureADApplicationSecret = azureADApplicationSecret;
this.AzureADApplicationAppId = azureADApplicationAppId;
string authority = string.Format(CultureInfo.InvariantCulture, AzureADInstanceName, AzureADTenancyName);
this.authContext = new AuthenticationContext(authority);
this.clientCredential = new ClientCredential(AzureADApplicationClientId, AzureADApplicationSecret);
}
public async Task ExecuteGetWithAADAutToken<T>(Action<AuthenticationResult> AfterAuthAction)
{
AuthenticationResult result = null;
try
{
result = await authContext.AcquireTokenAsync(this.AzureADApplicationAppId, this.clientCredential);
AfterAuthAction(result);
}
catch (Exception ex)
{
throw;
}
}
}
然后我使用该 Auth class 和 AuthResult 来调用 WebApi:
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(getEndPointUri);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", res.AccessToken);
HttpResponseMessage response = await client.GetAsync("/api/field");
if (response.IsSuccessStatusCode)
{
var resultStringJSON = await response.Content.ReadAsStringAsync();
Console.WriteLine(resultStringJSON);
}
else
{
var resulterrorStringJSON = await response.Content.ReadAsStringAsync();
Console.WriteLine(resulterrorStringJSON);
}
}
HttpResponseMessage 响应未授权
我使用 fiddler 来获取请求和响应:
GET https://xxxxxxxx.azurewebsites.net/api/someapi HTTP/1.1
Accept: application/json
Authorization: Bearer XXXXXXXXX
Host: xxxxxx.azurewebsites.net
HTTP/1.1 401 Unauthorized
Content-Length: 0
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer realm="xxxxxxx.azurewebsites.net"
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=697493f3974009aeb448f562d1b389f79aa6008071be1244c77f3f1d3849f5f0;Path=/;Domain=xxxxxxxx.azurewebsites.net
Date: Tue, 24 May 2016 03:59:15 GMT
请帮忙?
我怀疑的主要问题是在 Azure 中,AAD 应用程序无法访问 Web API 应用程序。我试图通过用户添加它,但是当我以用户身份搜索该应用程序时,它找不到它。已注册的应用程序位于不同的 Azure AD 目录中。
您是否偶然在门户中启用了身份验证/授权?在同一个 Web 应用程序中同时使用集成身份验证/授权和 OWIN Azure AD 身份验证中间件时,有几个人 运行 遇到了类似的问题。设置您的应用程序的正确方法是使用一个或另一个,因为它们目前不能很好地搭配使用。
Azure 身份验证有问题。调用 Azure 中托管的 WebAPI 时出现 401 未经授权。
基本情况如下: 遵循了本教程 - https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-daemon/
注册了 2 个应用程序:
- Windows 服务
- 网络API
Windows 服务调用 STS 并成功获取 JWT。然后它会尝试将该令牌传递给托管在 azurewebsites.net.
上的 WebAPI这是我调用 STS 的代码(只是包装在 Auth Class 中):
public class AzureAuth
{
private AuthenticationContext authContext;
private ClientCredential clientCredential;
protected string AzureADInstanceName;
protected string AzureADTenancyName;
protected string AzureADApplicationClientId;
protected string AzureADApplicationSecret;
protected string AzureADApplicationAppId;
public AzureAuth(string azureADInstanceName, string azureADTenancyName, string azureADApplicationClientId, string azureADApplicationSecret, string azureADApplicationAppId)
{
this.AzureADInstanceName = azureADInstanceName;
this.AzureADTenancyName = azureADTenancyName;
this.AzureADApplicationClientId = azureADApplicationClientId;
this.AzureADApplicationSecret = azureADApplicationSecret;
this.AzureADApplicationAppId = azureADApplicationAppId;
string authority = string.Format(CultureInfo.InvariantCulture, AzureADInstanceName, AzureADTenancyName);
this.authContext = new AuthenticationContext(authority);
this.clientCredential = new ClientCredential(AzureADApplicationClientId, AzureADApplicationSecret);
}
public async Task ExecuteGetWithAADAutToken<T>(Action<AuthenticationResult> AfterAuthAction)
{
AuthenticationResult result = null;
try
{
result = await authContext.AcquireTokenAsync(this.AzureADApplicationAppId, this.clientCredential);
AfterAuthAction(result);
}
catch (Exception ex)
{
throw;
}
}
}
然后我使用该 Auth class 和 AuthResult 来调用 WebApi:
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(getEndPointUri);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", res.AccessToken);
HttpResponseMessage response = await client.GetAsync("/api/field");
if (response.IsSuccessStatusCode)
{
var resultStringJSON = await response.Content.ReadAsStringAsync();
Console.WriteLine(resultStringJSON);
}
else
{
var resulterrorStringJSON = await response.Content.ReadAsStringAsync();
Console.WriteLine(resulterrorStringJSON);
}
}
HttpResponseMessage 响应未授权
我使用 fiddler 来获取请求和响应:
GET https://xxxxxxxx.azurewebsites.net/api/someapi HTTP/1.1
Accept: application/json
Authorization: Bearer XXXXXXXXX
Host: xxxxxx.azurewebsites.net
HTTP/1.1 401 Unauthorized
Content-Length: 0
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer realm="xxxxxxx.azurewebsites.net"
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=697493f3974009aeb448f562d1b389f79aa6008071be1244c77f3f1d3849f5f0;Path=/;Domain=xxxxxxxx.azurewebsites.net
Date: Tue, 24 May 2016 03:59:15 GMT
请帮忙?
我怀疑的主要问题是在 Azure 中,AAD 应用程序无法访问 Web API 应用程序。我试图通过用户添加它,但是当我以用户身份搜索该应用程序时,它找不到它。已注册的应用程序位于不同的 Azure AD 目录中。
您是否偶然在门户中启用了身份验证/授权?在同一个 Web 应用程序中同时使用集成身份验证/授权和 OWIN Azure AD 身份验证中间件时,有几个人 运行 遇到了类似的问题。设置您的应用程序的正确方法是使用一个或另一个,因为它们目前不能很好地搭配使用。