Using Active Directory authentication in API app in azure

问题

Using this article I've built an Java Api App hosted on Azure. I am able to request the API with Postman, Curl and within my browser. But now I added authentication to the api app using Active Directory.

Now If I want to request the API I am forwarded to a login page when using my browser. But now I would like to use the API with authentication with Curl and Postman. How to do that?

EDIT: What did I try? In the following I use this http request url which works with authentication switched off:

https://<myappurl>.azurewebsites.net/api/contacts

So when I switch on authentication and run the request with

curl https://<myappurl>.azurewebsites.net/api/contacts

then I get this result:

You do not have permission to view this directory or page.

Even if I let curl print the response header I don't get any information about a redirect url or something. Also within the header I receive an http status code the information about not being permitted:

HTTP/1.1 401 Unauthorized

I thought that it may be working using OAuth2 like in this example. But I don't know if this works with Azure. Even then I don't know where to request the token. Furthermore I need all this data:

client-id
client-secret
username
password

But I don't have any client secret. Am I on the right track with OAuth2?

EDIT 2: Here I read to use this url for authentication with Active Directory:

{your App Service base URL}/.auth/login/aad

If I request this URL with curl I get the following output:

<head>
    <title>Document Moved</title>
</head>
<body>
    <h1>Object Moved</h1>
    This document may be found <a HREF="https://login.windows.net/
    <some-id>/oauth2/authorize?response_type=id_token&amp;redirect_uri=
    https%3A%2F%2<myappurl>.azurewebsites.net%2F.auth%2Flogin%2Faad%2F
    callback&amp;client_id=<client-id>&amp;scope=openid+profile+email&amp;
    response_mode=form_post&amp;state=%23&amp;
    nonce=552b4c61f8bd4988a48c8763f9dfa42a_20161026075605">here</a>

</body>

If I call this url with curl then I get the same information with the url login.microsoftonline.com instead oflogin.windows.net And if I call this new url with curl then I get some HTML/js-Code with Error Code 400.

Then I tried to pass username and password with

curl -u <username>:<password> "https://login.microsoftonline.com...."

But this again resulted in the HTML/js output with error code 400. So what to do now to login?

来源：https://stackoverflow.com/questions/40244446/using-active-directory-authentication-in-api-app-in-azure

标签

java

api

azure

curl

active-directory