Microsoft.Azure.Management.ApiManagement 实施
Microsoft.Azure.Management.ApiManagement Implementation
我正在尝试使用 Microsoft.Azure.Management.ApiManagement 4.0.4-preview 实施 Azure API 管理 API。
在我看到实施文档的地方没有。我试过下面的代码。但我收到身份验证错误。
Microsoft.Rest.Azure.CloudException: 'Authentication failed. The 'Authorization' header is provided in an invalid format.'
BasicAuthenticationCredentials basicAuthenticationCredentials = new BasicAuthenticationCredentials();
basicAuthenticationCredentials.UserName = "**********";
basicAuthenticationCredentials.Password = "*******";
var token = "Bearer **********"; // copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password
ApiManagementClient apiManagementClient = new ApiManagementClient(basicAuthenticationCredentials);
apiManagementClient.SubscriptionId = "*************************************";
apiManagementClient.HttpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", token);
apiManagementClient.ApiManagementService.Get("resourcegroupname", "POCAPIManagementService"); // error happening from this line
var user = apiManagementClient.User.Get("resourcegroupname", "POCAPIManagementService", "1");
copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password
看来你的生成方式有问题
授权 header 应该是您从 Azure Active Directory 获取的 JSON Web 令牌,但直接来自 Azure 门户。更详细的可以参考这个article.
你可以参考这个document for how to obtain a JWT from AAD and protect an API by using OAuth 2.0 with Azure Active Directory和API管理
经过两周的努力,我们找到了 Microsoft.Azure.Management.ApiManagement
dll 实现。
1) 在 azure ad 中创建应用程序
2) 转到您的 APIM => 访问控制 (IAM) 选项卡
3) 添加上面创建的应用程序(需要在 APIM 中执行此操作的权限)
4) 现在您应该能够在 APIM 访问控制 (IAM) 选项卡中看到 Azure AD 应用程序
这将为您在 Azure AD 中创建的应用程序提供委托权限
我们可以使用客户端凭据流来获取针对 Azure AD 的委派访问令牌。
使用范围作为 https://management.azure.com
下面给出了 Microsoft.Azure.Management.ApiManagement dll 实现客户端凭据流的示例代码。
public class myServiceCredentials : ServiceClientCredentials{
private string AuthenticationToken { get; set; }
public override void InitializeServiceClient<T>(ServiceClient<T> client)
{
var authenticationContext = new
AuthenticationContext("https://login.windows.net/{tenantID}");
var credential = new ClientCredential(clientId: "xxxxx-xxxx-xx-xxxx-xxx",
clientSecret: "{clientSecret}");
var result = authenticationContext.AcquireToken(resource:
"https://management.core.windows.net/", clientCredential: credential);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
AuthenticationToken = result.AccessToken;
}
}
@Joseph,我在未经授权的回复方面遇到了同样的问题。检查通过 ApiManagementClient 发出的请求。有两件事是错误的:
- 错误url
- 缺少授权 header。
通过以下操作更正此问题:
var credentials = new MyCredentials();
var client = new ApiManagementClient(new Uri("https://management.azure.com/"), credentials);
client.SubscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
client.HttpClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + credentials.AuthenticationToken);
var result = await client.User.ListByServiceAsync("resource-group", "service");
MyCredentials 看起来与之前响应中的 myServiceCredentials class 相同,它继承自 ServiceClientCredentials。不过必须制作 AuthenticationToken 道具 public。
我正在尝试使用 Microsoft.Azure.Management.ApiManagement 4.0.4-preview 实施 Azure API 管理 API。
在我看到实施文档的地方没有。我试过下面的代码。但我收到身份验证错误。
Microsoft.Rest.Azure.CloudException: 'Authentication failed. The 'Authorization' header is provided in an invalid format.'
BasicAuthenticationCredentials basicAuthenticationCredentials = new BasicAuthenticationCredentials();
basicAuthenticationCredentials.UserName = "**********";
basicAuthenticationCredentials.Password = "*******";
var token = "Bearer **********"; // copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password
ApiManagementClient apiManagementClient = new ApiManagementClient(basicAuthenticationCredentials);
apiManagementClient.SubscriptionId = "*************************************";
apiManagementClient.HttpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", token);
apiManagementClient.ApiManagementService.Get("resourcegroupname", "POCAPIManagementService"); // error happening from this line
var user = apiManagementClient.User.Get("resourcegroupname", "POCAPIManagementService", "1");
copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password
看来你的生成方式有问题
授权 header 应该是您从 Azure Active Directory 获取的 JSON Web 令牌,但直接来自 Azure 门户。更详细的可以参考这个article.
你可以参考这个document for how to obtain a JWT from AAD and protect an API by using OAuth 2.0 with Azure Active Directory和API管理
经过两周的努力,我们找到了 Microsoft.Azure.Management.ApiManagement dll 实现。
1) 在 azure ad 中创建应用程序 2) 转到您的 APIM => 访问控制 (IAM) 选项卡 3) 添加上面创建的应用程序(需要在 APIM 中执行此操作的权限) 4) 现在您应该能够在 APIM 访问控制 (IAM) 选项卡中看到 Azure AD 应用程序
这将为您在 Azure AD 中创建的应用程序提供委托权限
我们可以使用客户端凭据流来获取针对 Azure AD 的委派访问令牌。 使用范围作为 https://management.azure.com
下面给出了 Microsoft.Azure.Management.ApiManagement dll 实现客户端凭据流的示例代码。
public class myServiceCredentials : ServiceClientCredentials{
private string AuthenticationToken { get; set; }
public override void InitializeServiceClient<T>(ServiceClient<T> client)
{
var authenticationContext = new
AuthenticationContext("https://login.windows.net/{tenantID}");
var credential = new ClientCredential(clientId: "xxxxx-xxxx-xx-xxxx-xxx",
clientSecret: "{clientSecret}");
var result = authenticationContext.AcquireToken(resource:
"https://management.core.windows.net/", clientCredential: credential);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
AuthenticationToken = result.AccessToken;
}
}
@Joseph,我在未经授权的回复方面遇到了同样的问题。检查通过 ApiManagementClient 发出的请求。有两件事是错误的:
- 错误url
- 缺少授权 header。
通过以下操作更正此问题:
var credentials = new MyCredentials();
var client = new ApiManagementClient(new Uri("https://management.azure.com/"), credentials);
client.SubscriptionId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
client.HttpClient.DefaultRequestHeaders.Add("Authorization", "Bearer " + credentials.AuthenticationToken);
var result = await client.User.ListByServiceAsync("resource-group", "service");
MyCredentials 看起来与之前响应中的 myServiceCredentials class 相同,它继承自 ServiceClientCredentials。不过必须制作 AuthenticationToken 道具 public。