问题
Have a issue with Azure Auth. Getting 401 Unauthorized when calling WebAPI Hosted in Azure.
Here's the basics: Followed this tutorial - https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-daemon/
Registered 2 Applications:
- Windows Service
- WebAPI
The Windows Service calls STS and Succesfully gets a JWT. It then tries to pass that token to the WebAPI hosted on azurewebsites.net.
Here is my code to call the STS (Just wrapped in a Auth Class):
public class AzureAuth
{
private AuthenticationContext authContext;
private ClientCredential clientCredential;
protected string AzureADInstanceName;
protected string AzureADTenancyName;
protected string AzureADApplicationClientId;
protected string AzureADApplicationSecret;
protected string AzureADApplicationAppId;
public AzureAuth(string azureADInstanceName, string azureADTenancyName, string azureADApplicationClientId, string azureADApplicationSecret, string azureADApplicationAppId)
{
this.AzureADInstanceName = azureADInstanceName;
this.AzureADTenancyName = azureADTenancyName;
this.AzureADApplicationClientId = azureADApplicationClientId;
this.AzureADApplicationSecret = azureADApplicationSecret;
this.AzureADApplicationAppId = azureADApplicationAppId;
string authority = string.Format(CultureInfo.InvariantCulture, AzureADInstanceName, AzureADTenancyName);
this.authContext = new AuthenticationContext(authority);
this.clientCredential = new ClientCredential(AzureADApplicationClientId, AzureADApplicationSecret);
}
public async Task ExecuteGetWithAADAutToken<T>(Action<AuthenticationResult> AfterAuthAction)
{
AuthenticationResult result = null;
try
{
result = await authContext.AcquireTokenAsync(this.AzureADApplicationAppId, this.clientCredential);
AfterAuthAction(result);
}
catch (Exception ex)
{
throw;
}
}
}
I'm then using that Auth class and the AuthResult to call the WebApi:
using (var client = new HttpClient())
{
client.BaseAddress = new Uri(getEndPointUri);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", res.AccessToken);
HttpResponseMessage response = await client.GetAsync("/api/field");
if (response.IsSuccessStatusCode)
{
var resultStringJSON = await response.Content.ReadAsStringAsync();
Console.WriteLine(resultStringJSON);
}
else
{
var resulterrorStringJSON = await response.Content.ReadAsStringAsync();
Console.WriteLine(resulterrorStringJSON);
}
}
The HttpResponseMessage response is giving Unauthorised
I used fiddler to get the Request and Response:
GET https://xxxxxxxx.azurewebsites.net/api/someapi HTTP/1.1
Accept: application/json
Authorization: Bearer XXXXXXXXX
Host: xxxxxx.azurewebsites.net
HTTP/1.1 401 Unauthorized
Content-Length: 0
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer realm="xxxxxxx.azurewebsites.net"
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=697493f3974009aeb448f562d1b389f79aa6008071be1244c77f3f1d3849f5f0;Path=/;Domain=xxxxxxxx.azurewebsites.net
Date: Tue, 24 May 2016 03:59:15 GMT
Help please?
The main problem I suspect is that in Azure, the AAD Application does not have access to the Web API App. I tried to add it via Users but when I search that Application as user it can't find it. The Registered applications are in a different Azure AD Directory.
回答1:
By chance did you enable Authentication / Authorization in the portal? Several people have run into similar problems when they use both the integrated Authentication / Authorization AND the OWIN Azure AD authentication middleware in the same web app. The correct way to setup your app is to use one or the other because they don't currently play nice together.
来源:https://stackoverflow.com/questions/37404286/azure-ad-http-1-1-401-unauthorized-windows-service