Complete case study: configuring secure authentication for front-end and back-end API applications, implemented on Azure


This article records some of my own practice. The official documentation is https://docs.microsoft.com/en-us/azure/app-service/tutorial-auth-aad?pivots=platform-linux

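Scenario

  1. I have an API service written in dotnet core.
  2. I have a front-end website written in React.
  3. I want this front-end website to be able to access the API service securely.
  4. I do not want anyone to reach the API service directly without having logged in.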

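Key techniques

  1. Both applications need authentication enabled. The approach taken in the official documentation uses the latest Azure feature, called Easy Auth; its official documentation is at https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization. We use Azure Active Directory for authentication, so two corresponding Azure AD applications are created.
  2. Configure the Azure AD application that corresponds to the front-end application so that it can access the back-end API application.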


 

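  3. Configure the Azure AD application that corresponds to the API application so that it automatically authorizes and trusts the Azure AD application of the front-end application. (This step is not in the official documentation, but adding it is more convenient because no extra consent prompt is shown to the user.) Another interesting point here is that you can add one or more scopes, which can be verified later in code to achieve an effect similar to Microsoft Graph.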

     


     

     

  4. Configure the front-end application so that, when it authenticates the user, it also fetches the id_token for accessing the back-end API service. This step is critical. You need to go to https://resources.azure.com and modify authSettings:

        "additionalLoginParams": [
          "response_type=code id_token",
          "resource=ee8a72b8-81f1-4a2f-b98c-aa394559f487"
        ],

     


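  5. For the front-end application (React) to be able to reach the back-end API service, you also need to configure CORS on the back-end API service.

    Note that if you do not want CORS to restrict access, you can clear the "Enable Access-Control-Allow-Credentials" checkbox, delete every address under Allowed Origins and enter a single *. (The checkbox has to be cleared because a wildcard origin cannot be combined with credentials.) With *, a page on any origin can call the API from the browser, so access then depends entirely on the bearer token.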

     


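  6. With this configuration in place, when a user tries to open the front-end React application, the Azure AD sign-in window pops up automatically and authentication completes automatically. So how do you get the corresponding ID_TOKEN in React? Interestingly, you only need to request /.auth/me. You can then use this access_token to go on and call the back-end API service.

        // setLoaded and setItems are the React component's state setters.
        fetch("/.auth/me")
          .then(res => {
            return res.json();
          })
          .then(data => {
            // Token stored by Easy Auth for the signed-in user
            const token = data[0].access_token;
            /* Read the weather data */
            let remote_url = "https://weatherservice-ares.azurewebsites.net/WeatherForecast";

            fetch(remote_url, {
              headers: {
                'Authorization': 'bearer ' + token
              }
            })
              .then(res => {
                return res.json();
              })
              .then(items => {
                setLoaded(true);
                setItems(items);
              });
          });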

     

     

    棰樺璇濓細濡傛灉鍓嶇杩欎釜搴旂敤锛屼笉鏄敤React鍐欑殑闈欐€佺綉椤碉紝鑰屼篃鏄竴涓湇鍔″櫒鎶€鏈紑鍙戠殑缃戦〉锛屼緥濡侫SP.NET Core锛屽彲浠ヤ娇鐢ㄤ笅闈㈢殑鏂瑰紡杩涜access_token鐨勪紶閫掋€備篃灏辨槸璇达紝Azure 鎻愪緵鐨凟asy Auth 浼氳嚜鍔ㄥ湴鎶婄敤鎴风櫥褰曞悗寰楀埌鐨則oken锛屽湪姣忎釜璇锋眰鐨刪eader涓紝閫氳繃 X-MS-TOKEN-AAD-ACCESS-TOKEN 杩欎釜浼犻€掕繃鏉ャ€?

     

    public override void OnActionExecuting(ActionExecutingContext context)

    {

    base.OnActionExecuting(context);

     

    _client.DefaultRequestHeaders.Accept.Clear();

    _client.DefaultRequestHeaders.Authorization =

    new AuthenticationHeaderValue("Bearer", Request.Headers["X-MS-TOKEN-AAD-ACCESS-TOKEN"]);

    }

     

  7. How do you determine the user's identity on the API server side, including the tenant and account information? The following few lines of code are enough:

        // Claims of the authenticated caller
        var user = HttpContext.User.Identity.Name;
        var provider = HttpContext.User.FindFirst("http://schemas.microsoft.com/identity/claims/identityprovider")?.Value;
        var tid = HttpContext.User.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid")?.Value;
        var oid = HttpContext.User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
        var scp = HttpContext.User.FindFirst("http://schemas.microsoft.com/identity/claims/scope")?.Value;

 

    However, there is a problem here: by default, all of the values obtained above are blank. This is a known issue and has to be solved with a third-party library: https://github.com/MaximRouiller/MaximeRouiller.Azure.AppService.EasyAuth

    Specifically, add the package MaximeRouiller.Azure.AppService.EasyAuth and then register the service:

        services.AddAuthentication().AddEasyAuthAuthentication((o) => { });

    Then add the following to the relevant Controller or Action:

        [Authorize(AuthenticationSchemes = "EasyAuth")]

 

  8. How do you determine whether the current token carries a specified scope, so as to decide which users can access which services?

    We can wrap this check in a class:

     

        using Microsoft.AspNetCore.Http;
        using Microsoft.AspNetCore.Mvc;
        using Microsoft.AspNetCore.Mvc.Filters;
        using System;
        using System.Collections.Generic;
        using System.Linq;
        using System.Threading.Tasks;

        namespace webapisample
        {
            public static class HttpContextExtension
            {
                // Returns true only when every scope in `scopes` appears in the
                // caller's space-separated scope claim.
                public static bool VerifyUserHasAnyAcceptedScope(this HttpContext ctx, string[] scopes)
                {
                    var scp = ctx.User.FindFirst("http://schemas.microsoft.com/identity/claims/scope")?.Value;
                    if (string.IsNullOrEmpty(scp))
                        return false;

                    return scp.Split(' ').Intersect(scopes).Count() == scopes.Count();
                }
            }

            public class ScopeFilterAttribute : Attribute, IActionFilter
            {
                // Scopes the action requires
                public string[] Scopes { get; set; }

                public void OnActionExecuted(ActionExecutedContext context)
                {
                }

                // Short-circuit with 401 before the action runs if a scope is missing
                public void OnActionExecuting(ActionExecutingContext context)
                {
                    if (!context.HttpContext.VerifyUserHasAnyAcceptedScope(Scopes))
                        context.Result = new UnauthorizedResult();
                }
            }
        }

     

    Using this ScopeFilter is also simple, as shown below:

        [ScopeFilter(Scopes = new string[] { "Files.Read" })]
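
The token handling described above (reading the token from `/.auth/me` and requiring scopes such as `Files.Read`), as an added JavaScript example that is not part of the original post: it picks the Azure AD entry from a parsed `/.auth/me` response and reports audience, expiry and scope problems before the token is sent to the API. The function names and the sample response are constructed for illustration, and it assumes the token's `aud` claim equals the `resource=` value set in `additionalLoginParams`.

```javascript
// Added example. Decoding is for diagnostics only: it does not verify the
// signature, which remains the job of Easy Auth and the API.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a JWT (expected 3 segments)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Return the access_token of the Azure AD entry in a parsed /.auth/me body
// (an array with one element per signed-in provider).
function pickAadAccessToken(authMe) {
  if (!Array.isArray(authMe) || authMe.length === 0) throw new Error("not signed in");
  const entry = authMe.find((e) => e.provider_name === "aad");
  if (!entry || !entry.access_token) {
    throw new Error("no access_token: check resource= in additionalLoginParams");
  }
  return entry.access_token;
}

// List what is wrong with the token; an empty list means it is fit to send.
// Like the page's C# filter, every required scope must be present in scp.
function checkApiToken(jwt, expectedAud, requiredScopes, nowSec) {
  const claims = decodeJwtPayload(jwt);
  const problems = [];
  if (claims.aud !== expectedAud) problems.push("unexpected aud " + claims.aud);
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) problems.push("expired");
  const granted = new Set(String(claims.scp || "").split(" ").filter(Boolean));
  for (const s of requiredScopes) {
    if (!granted.has(s)) problems.push("missing scope " + s);
  }
  return problems;
}

// Constructed sample: an unsigned token wrapped in a /.auth/me-shaped array.
const API_RESOURCE = "ee8a72b8-81f1-4a2f-b98c-aa394559f487"; // resource= value from the page
const b64url = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleJwt = [
  b64url({ alg: "none", typ: "JWT" }),
  b64url({ aud: API_RESOURCE, exp: 2000000000, scp: "Files.Read user_impersonation" }),
  "constructed-signature",
].join(".");
const sampleAuthMe = [{ provider_name: "aad", user_id: "user@example.com", access_token: sampleJwt }];

console.log(checkApiToken(pickAadAccessToken(sampleAuthMe), API_RESOURCE, ["Files.Read"], 1700000000));
```

In the React code, pass the parsed body of `fetch("/.auth/me")` to `pickAadAccessToken` and the current time as `Math.floor(Date.now() / 1000)`.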
