I have been trying to implement Azure Active Directory authentication for my web application in a Mobile App. I configured the Mobile App as described in the tutorial (using the alternative method).

My Azure Active Directory application settings:

  • SIGN-ON URL: https://<mymobileappname>.azurewebsites.net/
  • App ID URI: https://<mymobileappname>.azurewebsites.net/
  • Reply URL: https://<mymobileappname>.azurewebsites.net/.auth/login/aad/callback

I also passed the ClientID (b6da4c72-xxxx-xxxx-xxxx-e20d561b7906) and the entityID (https://sts.windows.net/e052874c-xxxx-xxxx-xxxx-afd774687ee8/) to the Mobile App authentication settings in the Azure portal and then turned it on.

In my web application I do the following:

  • Get a token from Azure Active Directory

using Microsoft.IdentityModel.Clients.ActiveDirectory;

public string GetAADToken()
{
    // Client credentials of the AAD application registered for the Mobile App
    string clientID = "b6da4c72-xxxx-xxxx-xxxx-e20d561b7906";
    string authority = "https://login.windows.net/<mytenant>";
    // Resource the token is requested for: the App ID URI of the Mobile App
    string resourceURI = "https://<mymobileappname>.azurewebsites.net/";
    string appKey = "<mysecretvalidkeytakenfromazureactivedirecoryapp>";

    var authenticationContext = new AuthenticationContext(authority);
    var clientCredential = new ClientCredential(clientID, appKey);
    var authenticationResult = authenticationContext.AcquireToken(resourceURI, clientCredential);
    return authenticationResult.AccessToken;
}
  • Authenticate in the Mobile App with the AAD token using MobileServiceClient (v2.0.1)

using Microsoft.WindowsAzure.MobileServices;
using Newtonsoft.Json.Linq;

MobileServiceClient client = new MobileServiceClient("https://<mymobileappname>.azurewebsites.net/");
// Hand the AAD access token to the App Service /.auth/login/aad endpoint
var token = new JObject();
token["access_token"] = GetAADToken();
var res = client.LoginAsync("aad", token).Result;

This code sends the authentication request to my Mobile App:

{Method: POST, RequestUri: 'https://<mymobileappname>/.auth/login/aad', Version: 1.1, Headers:
{
    X-ZUMO-INSTALLATION-ID: 904579fa-xxxx-xxxx-xxxx-02efc7ba2937
    Accept: application/json
    User-Agent: ZUMO/2.0
    User-Agent: (lang=Managed; os=Windows; os_version=6.2.0.9200; arch=Win32NT; version=2.0.31217.0)
    X-ZUMO-VERSION: ZUMO/2.0 (lang=Managed; os=Windows; os_version=6.2.0.9200; arch=Win32NT; version=2.0.31217.0)
    Content-Type: application/json; charset=utf-8
    Content-Length: 1129
}}

The JSON with the AAD token is sent in the POST body.

The same solution works fine with Azure Mobile Services, but with the Mobile App service I always get: 401 'Unauthorized'.

What am I doing wrong?
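As an added diagnostic (not part of the original question or of the Azure SDKs), the check below decodes the access token that GetAADToken returns and compares its aud, iss, exp and nbf claims with the App ID URI and entityID configured on the Mobile App, which is what the /.auth/login/aad endpoint validates the token against. The sample token builder and the placeholder URIs are constructed for this example; a real token would be pasted in from the application.

```python
import base64
import json
import time
from typing import List, Optional

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. The signature is NOT verified:
    that is the job of the /.auth/login/aad endpoint; this is for inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))

def check_token_for_mobile_app(token: str, app_id_uri: str, issuer: str,
                               now: Optional[float] = None) -> List[str]:
    """List mismatches between the token's claims and what the Mobile App is
    configured with (App ID URI as audience, sts.windows.net/<tenant>/ as issuer)."""
    claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if app_id_uri.rstrip("/") not in {a.rstrip("/") for a in audiences if a}:
        problems.append(f"aud {aud!r} does not match App ID URI {app_id_uri!r}")
    if str(claims.get("iss", "")).rstrip("/") != issuer.rstrip("/"):
        problems.append(f"iss {claims.get('iss')!r} does not match entityID {issuer!r}")
    if "exp" not in claims or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    if "nbf" in claims and claims["nbf"] > now:
        problems.append("token is not yet valid (nbf is in the future)")
    return problems

def build_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (placeholder signature) so the
    checks above can be exercised offline; a real token comes from GetAADToken()."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.placeholder-signature"

# Constructed placeholders standing in for the values quoted in the question.
APP_ID_URI = "https://<mymobileappname>.azurewebsites.net/"
ENTITY_ID = "https://sts.windows.net/e052874c-xxxx-xxxx-xxxx-afd774687ee8/"
```

Run check_token_for_mobile_app on the real token with the App ID URI and entityID from the portal; an empty list means the audience, issuer and validity window all line up with the Mobile App settings.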