在我们的应用程序中使用Angular 5,我们通过Azure Active Directory(AAD)进行身份验证,获取持有者令牌以访问后端API . 我们在对后端api的身份验证调用中没有取得任何成功,获得401未经授权 . App和Api都托管在Azure中 . 在解决此问题时,将不胜感激任何帮助:

The App service Registration on AAD:

Angular App (using the adal-angular5 1.0.36 library):
Application ID: aaaaa-aaaaa-aaaaa-aaaaa-aaaaa  
Object ID: bbbbbb-bbbbb-bbbb-bbbbb-bbbbbb  
App ID URI: https://frontendapp.azurewebsites.net  
Home Page URL: https://homepage.frontendapp.com  

Backend API (.Net 4.7):
Application ID: cccccc-cccccc-cccccc-cccccc-cccccc  
Object ID: dddddd-ddddd-ddddd-dddddd-dddddd  
App ID URI: https://backendapi.azurewebsites.net  
Home Page URL: https://homepage.backendapi.com

App方面

config for adal-angular5 on the Angular App:

config: adal.Config = {
  tenant: 'common',
  clientId: 'aaaaa-aaaaa-aaaaa-aaaaa-aaaaa',
  postLogoutRedirectUri: window.location.origin,
  endpoints: {
    ApiUri: "https://homepage.backendapi.com",
  }
};

Call to get the bearer token:

this.adal5Service.acquireToken("https://backendapi.azurewebsites.net")

call to the api
我们验证了选项包含具有承载令牌的标头:

this.adal5HttpService.get('/api/hello', options);

在API方面

我们正在使用Microsoft Owin库(Microsoft.Owin 4.0.0 nuget包),

API startup:

public partial class Startup
{
    /// <summary>
    /// Initializes OWIN authentication.
    /// </summary>
    /// <param name="app">Web API AppBuilder</param>
    public void Configuration(IAppBuilder app)
    {
        if (app == null)
        {
            throw new ArgumentNullException("app");
        }

        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = "common",
                Audience = "https://backendapi.azurewebsites.net"
            });
    }
}

API side controler

[HttpGet]
[Authorize]
[Route("hello")]
public string GetHello()
{
    try
    {
        var result = "we hit it yay!!!!!!!!!!!!!!!";
        return result;
    }
    catch (Exception ex)
    {
        var msg = "not hit saddd.....";
        var error = new Exception(msg, ex);
        throw error;
    }
}

使用 [Authorize] 属性,我们将获得401未授权,没有其他错误消息 .
如果没有 [Authorize] 属性,我们就可以正常使用Controller方法并获得返回结果 .

我能够确认从App发送的持有者令牌确实是我们在Api中的头部中获得的持有者令牌 . 我无法弄清楚为什么我们会得到未经授权的 .

APP或API端的配置设置是否正确?
Azure中是否需要其他配置?
任何帮助都会很感激!

angular5 azure-active-directory owin bearer-token .net-4.7