問題描述
我想在 Azure Functions 上啟用身份驗證.因此,我決定使用 EasyAuth(平臺功能下的身份驗證/授權(quán)鏈接)并成功配置身份驗證過程.
當(dāng)我手動登錄到 Azure Function 端點(diǎn)時,身份驗證工作.但是,當(dāng)我嘗試以編程方式訪問 API 時,無需任何手動用戶干預(yù),就會遇到身份驗證問題:
狀態(tài)碼:401,未授權(quán)我使用以下代碼使用 clientID 和 clientSecret 從 AAD 獲取訪問令牌:
AuthenticationContext context = new AuthenticationContext("https://login.windows.net/<tenant-id>");字符串鍵=<客戶端密碼>";ClientCredential cc = new ClientCredential("<client-id>", key);AuthenticationResult 結(jié)果 = context.AcquireTokenAsync("https://<AzureFunctionAppName>.azurewebsites.net/", cc).Result;返回結(jié)果.AccessToken;然后我嘗試將在標(biāo)頭中收到的訪問令牌發(fā)送到我的 API 的新請求:
var content = "{"on":true, "sat":254, "bri":254, "hue":10000}";var AADToken = GetS2SAccessToken();HttpClient 客戶端 = 新 HttpClient();Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AADToken);var foo = Client.PostAsync("https://<AzureFunctionAppName>.azurewebsites.net/.auth/login/aad", new StringContent(content.ToString())).Result;Console.WriteLine($"result: {foo}");但是上面的代碼會導(dǎo)致未經(jīng)授權(quán)的調(diào)用.我不確定我做錯了什么.
如果你的 azure function 認(rèn)證級別是 anonymous 或 ,我們可以使用 accesstoken 直接訪問你的 azure function api功能鍵也是必需的.
我通過您提到的方式獲得了訪問令牌.根據(jù) Azure 資源門戶 (
然后我可以直接使用訪問令牌.我用郵遞員測試它.
我們也可以通過以下方式獲取easy auth token.訪問token就是你拿到的token.
發(fā)布 https://xxx.azurewebsites.net/.auth/login/aad內(nèi)容類型:應(yīng)用程序/json{access_token":eyJ0eXAiOix...rtf2H7lyUL-g34HVw"}之后我們就可以使用get token來訪問azure函數(shù)api了
注意:標(biāo)頭是x-zumo-auth:token
I wanted to enable authentication on Azure Functions. So, I decided to go with EasyAuth (Authentication/Authorization link under platform features) and was successfully able to configure the authentication process.
The authentication works when I manually sign-in to the Azure Function endpoint. But when I try to programmatically access the API, without any manual user intervention, I'm facing authentication issue:
Status Code:401, Unauthorized
I get an access token from AAD using clientID and clientSecret using the following code:
AuthenticationContext context = new AuthenticationContext("https://login.windows.net/<tenant-id>");
string key = "<client-secret>";
ClientCredential cc = new ClientCredential("<client-id>", key);
AuthenticationResult result = context.AcquireTokenAsync("https://<AzureFunctionAppName>.azurewebsites.net/", cc).Result;
return result.AccessToken;
Then I'm trying to send the Access Token received in the header for a new request to my API:
var content = "{"on":true, "sat":254, "bri":254, "hue":10000}";
var AADToken = GetS2SAccessToken();
HttpClient Client = new HttpClient();
Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", AADToken);
var foo = Client.PostAsync("https://<AzureFunctionAppName>.azurewebsites.net/.auth/login/aad", new StringContent(content.ToString())).Result;
Console.WriteLine($"result: {foo}");
But the above code is resulting in unauthorized calls. I am not sure what I'm doing wrong.
We could use the accesstoken to access the you azure function api directly, if your azure function authentication level is anonymous or function key is also required.
I get the access token with your mentioned way. According to the Azure Resources portal(https://resources.azure.com/), the default allowedAudiences is
"https://{functionAppName}.azurewebsites.net/.auth/login/aad/callback"
So I add the https://{functionAppName}.azurewebsites.net/ as allowed aduiences
Then I can use the access token directly. I test it with postman.
We also could use the following way to get easy auth token. The access token is the token that you got.
Post https://xxx.azurewebsites.net/.auth/login/aad
Content-Type:application/json
{
"access_token":"eyJ0eXAiOix...rtf2H7lyUL-g34HVw"
}
After that we could use the get token to access the azure function api
Note: Header is x-zumo-auth: token
這篇關(guān)于使用 Azure Active Directory 的 Azure Function 身份驗證的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網(wǎng)!