c# - 通过启用 Azure 目录的 Azure 代理访问 On Premise Api
问题描述
我正在尝试使用 Azure 应用程序代理公开我的本地 API。
我已成功将其配置为使用 Pre-Authentication 设置为Passthrough。当我将预身份验证更改为Azure Active Directory 时,我可以通过浏览器成功访问端点。但是,当我尝试从代码调用本地端点时,我会收到 Microsoft 登录页面的 HTML。成功的请求将返回 JSON 响应。
我正在关注 Microsoft 文章:使用 Azure AD 应用程序代理安全访问本地 API
通过Azure Docs 缺陷,我了解到我必须使用“http://localhost”作为 RedirectUri 的值,并将我的客户端应用程序配置为“移动和桌面应用程序”平台。
这是我的代码:
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net/user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}
有没有人通过 Azure 应用程序代理和 Azure Active Directory 成功访问本地端点?
解决方案
我向 Microsoft 开了一张票,他们能够确定问题所在。
范围需要在域名后添加第二个斜杠“/”:
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
完整的代码如下所示:
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}
推荐阅读
- css - 边框 0 仍然在 Firefox 中留下一个黑色圆圈
- r - 如何从具有多个组的列表中提取数据?
- file - 为什么 32 字节的 ASCII 文本文件在转换为 Unicode 时会变成 66 字节?
- reactjs - Redux 编辑待办事项
- javascript - 如何在反应中获得http参数?
- html - 限制显示的表格行数
- python - 当尝试运行 dag 和 Airflow 返回状态码2
- excel - 按顺序组织具有相同值vba的单元格
- python - Spark (Pyspark) - 作业之间的长时间延迟
- javascript - 为什么当应用程序关闭时 componentWillUnmount 不会在 React 根组件中触发