Why do I get an HTML page as a response when using Access Token and the desired result when using ID Token? (Azure AD)
When I successfully log in through my Web API with my Azure AD credentials, I receive an ID token and an Access token.
I understand that the best practice for consuming a Web API is to use the Access Token rather than the ID Token.
In Postman, I use the ID Token and can access all the data that requires authorization.
When I consume the API with the Access Token, I get the Microsoft HTML login page and a 200 OK status:
<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
<head>
<title>Sign in to your account</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=2.0, user-scalable=yes">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<link rel="preconnect" href="https://aadcdn.msftauth.net" crossorigin>
<meta http-equiv="x-dns-prefetch-control" content="on">
<link rel="dns-prefetch" href="//aadcdn.msftauth.net">
<link rel="dns-prefetch" href="//aadcdn.msauth.net">
<meta name="PageID" content="ConvergedSignIn" />
<meta name="SiteID" content="" />
<meta name="ReqLC" content="1033" />
<meta name="LocLC" content="en-US" />
<meta name="referrer" content="origin" />
<noscript>
<meta http-equiv="Refresh" content="0; URL=https://login.microsoftonline.com/jsdisabled" />
</noscript>
...
I can consume the Web API with the ID Token when all token validation parameters are set to false - in services.AddAuthentication... in Startup.cs.
I changed some of the token validation parameters to true. I also generate a valid access token from the Graph API using AcquireTokenByUsernamePassword:
using System.Net.Http.Headers;
using System.Security;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Identity.Client;

// MSAL public client used for the ROPC (username/password) flow
IPublicClientApplication app = PublicClientApplicationBuilder
    .Create(clientId)
    .WithAuthority(authority)
    .WithTenantId(tenantId)
    .Build();

// MSAL expects the password as a SecureString
var securePassword = new SecureString();
foreach (char c in user.Password.ToCharArray()) // fetch the password
    securePassword.AppendChar(c);               // keystroke by keystroke

// Blocks on the async call; 'scopes' determines which resource the access token is issued for
var tokens = app.AcquireTokenByUsernamePassword(scopes, user.UserName, securePassword).ExecuteAsync().Result;

// Attach the access token as a Bearer header on every Graph request
_graphServiceClient = new GraphServiceClient(
    new DelegateAuthenticationProvider(x =>
    {
        x.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
        return Task.FromResult(0);
    }));
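The following diagnostic is added here and is not part of the question, nor Microsoft's or the poster's code. It decodes the three kinds of token the question talks about (an ID token, an access token minted for Microsoft Graph, and an access token minted for the API itself) and runs the two checks an API's token validation performs first: is the `aud` claim one of the API's own audiences, and does the token carry `scp`/`roles` at all. The app IDs, tenant, user and signature in the samples are constructed placeholders; the decoder deliberately skips signature verification, so this shows what an audience check would see, it does not verify anything.

```python
import base64
import json
from typing import Iterable


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_jwt(claims: dict) -> str:
    """Build a JWT-shaped string with a placeholder signature.

    Constructed sample only: a real Azure AD token is RS256-signed and must be
    verified against the tenant's signing keys before any claim is trusted.
    """
    header = {"typ": "JWT", "alg": "RS256", "kid": "constructed-kid"}
    return ".".join([
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
        _b64url_encode(b"constructed-signature"),
    ])


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnostic only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_token_for_api(token: str, expected_audiences: Iterable[str]) -> list[str]:
    """List the reasons an API that validates 'aud' would refuse this token.

    expected_audiences: the values the API accepts as its own audience
    (its App ID URI such as api://<guid>, and/or its client ID).
    """
    expected = set(expected_audiences)
    claims = decode_jwt_claims(token)
    problems: list[str] = []

    aud = claims.get("aud")
    actual = set(aud) if isinstance(aud, list) else {aud}
    if not actual & expected:
        problems.append(
            f"aud={sorted(map(str, actual))} is not one of {sorted(expected)}; "
            "the token was issued for a different resource"
        )
    # Delegated access tokens carry 'scp', app-only tokens carry 'roles'.
    # An ID token carries neither: it describes the user to the client app.
    if "scp" not in claims and "roles" not in claims:
        problems.append("no scp/roles claim: this looks like an ID token, not an access token")
    return problems


# Constructed sample claims modelled on the shapes Azure AD issues. The GUIDs,
# tenant and user below are placeholders, not real identifiers.
API_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
API_APP_ID_URI = f"api://{API_CLIENT_ID}"
CLIENT_APP_ID = "22222222-2222-2222-2222-222222222222"
ISSUER = "https://login.microsoftonline.com/33333333-3333-3333-3333-333333333333/v2.0"
USER_OID = "44444444-4444-4444-4444-444444444444"

ID_TOKEN = make_unsigned_jwt({
    "aud": CLIENT_APP_ID,        # ID tokens are addressed to the client app
    "iss": ISSUER,
    "preferred_username": "user@contoso.example",
    "oid": USER_OID,
})
GRAPH_ACCESS_TOKEN = make_unsigned_jwt({
    "aud": "https://graph.microsoft.com",   # minted for Graph, not for our API
    "iss": ISSUER,
    "scp": "User.Read",
    "oid": USER_OID,
})
API_ACCESS_TOKEN = make_unsigned_jwt({
    "aud": API_APP_ID_URI,       # minted for our API (scope api://<guid>/access_as_user)
    "iss": ISSUER,
    "scp": "access_as_user",
    "oid": USER_OID,
})


def diagnose_all() -> dict[str, list[str]]:
    """Run the audience/scope check over the three samples, keyed by token name."""
    expected = {API_APP_ID_URI, API_CLIENT_ID}
    return {
        "id_token": check_token_for_api(ID_TOKEN, expected),
        "graph_access_token": check_token_for_api(GRAPH_ACCESS_TOKEN, expected),
        "api_access_token": check_token_for_api(API_ACCESS_TOKEN, expected),
    }


if __name__ == "__main__":
    for name, problems in diagnose_all().items():
        print(name, "->", problems or "accepted by audience check")
```

To run it against a real token, paste the Bearer value from Postman into `decode_jwt_claims` and compare its `aud` with the audience your API is configured with; the check mirrors only the audience and scope part of validation, so a token that passes here can still fail issuer, lifetime or signature checks.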