Azure API身份validation
我在C#代码中使用Azure API并在库下使用
using Microsoft.Rest; using Microsoft.Rest.Azure.Authentication; using Microsoft.Azure.Management.DataLake.Store; using Microsoft.Azure.Management.DataLake.StoreUploader; using Microsoft.Azure.Management.DataLake.Analytics; using Microsoft.Azure.Management.DataLake.Analytics.Models; using Microsoft.WindowsAzure.Storage.Blob; 要创建与Azure的连接,
private static ServiceClientCredentials AuthenticateAzure(string domainName, string nativeClientAppCLIENTID) { // User login via interactive popup SynchronizationContext.SetSynchronizationContext(new SynchronizationContext()); // Use the client ID of an existing AAD "Native Client" application. var activeDirectoryClientSettings = ActiveDirectoryClientSettings.UsePromptOnly(nativeClientAppCLIENTID, new Uri("urn:ietf:wg:oauth:2.0:oob")); return UserTokenProvider.LoginWithPromptAsync(domainName, activeDirectoryClientSettings).Result; }
通过这个我得到了弹出窗口,它询问我的凭据。 我不想每次出现这个弹出窗口。 有没有办法在创建Azure应用程序旁边提出这个问题?
======================================
我有应用程序ID,TenantId和其他东西。 这有助于我在没有提示的情况下对azure进行身份validation吗?
我们可以使用函数UserTokenProvider.LoginSilentAsync(nativeClientAppClientid, domainName, userName, password)来获取我们的凭据而无需弹出窗口。 它适用于我,以下是我的测试代码。 如何注册WebApp请参考该文档 。
static void Main(string[] args) { var certificate = AuthenticateAzure("your domain name", "Ad App client ID", "username", "password"); } /// /// Log in to azure active directory in non-interactive mode using organizational // id credentials and the default token cache. Default service settings (authority, // audience) for logging in to azure resource manager are used. /// /// The active directory domain or tenant id to authenticate with /// The active directory client id for this application /// The organizational account user name, given in the form of a user principal name (eg user1@contoso.org). /// The organizational account password. /// A ServiceClientCredentials object that can be used to authenticate http requests using the given credentials. private static ServiceClientCredentials AuthenticateAzure(string domainName, string nativeClientAppClientid,string userName,string password) { return UserTokenProvider.LoginSilentAsync(nativeClientAppClientid, domainName, userName, password).Result; }
更新:
有关如何注册AD App并将角色分配给应用程序的更多详细信息,请参阅文档 。 之后我们可以从Azure门户获取tenantId, appId, secretKey 。 然后我们可以使用Microsoft.IdentityModel.Clients.ActiveDirectory SDK获取api身份validation令牌。
演示代码:
var subscriptionId = "Your subscrption"; var appId = "Registried Azure Application Id"; var secretKey = "Secret Key"; var tenantId = "tenant Id"; var context = new AuthenticationContext("https://login.windows.net/" + tenantId); ClientCredential clientCredential = new ClientCredential(appId, secretKey ); var tokenResponse = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result; var accessToken = tokenResponse.AccessToken; using (var client = new HttpClient()) { client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken); client.BaseAddress = new Uri("https://management.azure.com/"); // Now we can party with our HttpClient! }
