在启用 Azure 目录的情况下通过 Azure 代理访问本地 Api
Accessing On Premise Api Through Azure Proxy with Azure Directory Enabled
我正在尝试使用 Azure 应用程序代理公开我的本地 API。
我已成功将其配置为使用预身份验证设置为 Passthrough。当我将预身份验证更改为 Azure Active Directory 时,我可以通过浏览器成功访问端点。但是,当我尝试从代码调用本地端点时,我收到了 Microsoft 登录页面的 HTML。成功的请求将 return 一个 JSON 响应。
我正在关注 Microsoft 文章:Secure access to on-premise APIs with Azure AD Application Proxy
通过 Azure Docs defect,我了解到我必须使用“http://localhost”作为 RedirectUri 的值并将我的客户端应用程序配置为“移动和桌面应用程序”平台。
这是我的代码:
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net/user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}
有没有人成功通过 Azure 应用程序代理和 Azure Active Directory 访问本地端点?
我向 Microsoft 提交了工单,他们能够确定问题所在。
范围在域名后需要第二个斜杠“/”:
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
完整的代码如下所示:
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}
我正在尝试使用 Azure 应用程序代理公开我的本地 API。
我已成功将其配置为使用预身份验证设置为 Passthrough。当我将预身份验证更改为 Azure Active Directory 时,我可以通过浏览器成功访问端点。但是,当我尝试从代码调用本地端点时,我收到了 Microsoft 登录页面的 HTML。成功的请求将 return 一个 JSON 响应。
我正在关注 Microsoft 文章:Secure access to on-premise APIs with Azure AD Application Proxy
通过 Azure Docs defect,我了解到我必须使用“http://localhost”作为 RedirectUri 的值并将我的客户端应用程序配置为“移动和桌面应用程序”平台。
这是我的代码:
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net/user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}
有没有人成功通过 Azure 应用程序代理和 Azure Active Directory 访问本地端点?
我向 Microsoft 提交了工单,他们能够确定问题所在。
范围在域名后需要第二个斜杠“/”:
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
完整的代码如下所示:
[Fact]
public async Task Successfully_authenticate_but_cant_access_the_proxy()
{
// Acquire Access Token from AAD for Proxy Application
var clientApp = PublicClientApplicationBuilder
.Create("b510069b-xxxx-xxxx-xxxx-9363xxxxxxxx") //Client Id for Client Application
.WithRedirectUri("http://localhost") // This must be configured as a "Mobile and desktop applications" platform in the client application
.WithTenantId("xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd") //Not sure if this is needed.
.WithAuthority("https://login.microsoftonline.com/xxxxxx-d4cf-4xxx-xxxx-8dc72cbc00bd")
.Build();
AuthenticationResult authResult;
var accounts = await clientApp.GetAccountsAsync();
var account = accounts.FirstOrDefault();
IEnumerable<string> scopes = new string[] {"https://endpoints-xxx.msappproxy.net//user_impersonation"};
try
{
authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
catch (MsalUiRequiredException ex)
{
authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
}
if (authResult != null)
{
//Use the Access Token to access the Proxy Application
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
var response = await httpClient.GetAsync("https://endpoints-xxx.msappproxy.net");
//Failing here. I'm receiving the HTML for the Sign-In page. I'm expecting a response with JSON.
var responseValue = await response.Content.ReadAsStringAsync();
}
}