问题
I am trying to implement Azure API Management APIs using Microsoft.Azure.Management.ApiManagement 4.0.4-preview.
No where I see documentation for implementation. I tried below code. but I am getting authentication error.
Microsoft.Rest.Azure.CloudException: 'Authentication failed. The 'Authorization' header is provided in an invalid format.'
BasicAuthenticationCredentials basicAuthenticationCredentials = new BasicAuthenticationCredentials();
basicAuthenticationCredentials.UserName = "**********";
basicAuthenticationCredentials.Password = "*******";
var token = "Bearer **********"; // copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password
ApiManagementClient apiManagementClient = new ApiManagementClient(basicAuthenticationCredentials);
apiManagementClient.SubscriptionId = "*************************************";
apiManagementClient.HttpClient.DefaultRequestHeaders.TryAddWithoutValidation("Authorization", token);
apiManagementClient.ApiManagementService.Get("resourcegroupname", "POCAPIManagementService"); // error happening from this line
var user = apiManagementClient.User.Get("resourcegroupname", "POCAPIManagementService", "1");
回答1:
After two weeks struggle we found way to Microsoft.Azure.Management.ApiManagement dll Implementation.
1) Create application inside azure ad 2) Go to your APIM => Access control (IAM) Tab 3) Add the above created application (permission is required to do this in APIM) 4) Now you should be able to see Azure AD application in APIM Access control (IAM) Tab
This will provide delegated permission to your application which is created in Azure AD
We can use client credential flow to get delegated access token against Azure AD. Use scope as https://management.azure.com
The sample code for implementing client credential flow for Microsoft.Azure.Management.ApiManagement dll is given below.
public class myServiceCredentials : ServiceClientCredentials{
private string AuthenticationToken { get; set; }
public override void InitializeServiceClient<T>(ServiceClient<T> client)
{
var authenticationContext = new
AuthenticationContext("https://login.windows.net/{tenantID}");
var credential = new ClientCredential(clientId: "xxxxx-xxxx-xx-xxxx-xxx",
clientSecret: "{clientSecret}");
var result = authenticationContext.AcquireToken(resource:
"https://management.core.windows.net/", clientCredential: credential);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
AuthenticationToken = result.AccessToken;
}
}
Thank you https://github.com/Azure/azure-sdk-for-net/issues/4727
回答2:
copied bear token from https://docs.microsoft.com/en-us/rest/api/apimanagement/user/get by logging proper user name and password
It seems that there is something wrong with the way you generate.
The authorization header should be a JSON Web Token that you obtain from Azure Active Directory, but directly from Azure Portal. For more details, you could refer to this article.
You can refer to this document for how to obtain a JWT from AAD and protect an API by using OAuth 2.0 with Azure Active Directory and API Management.
来源:https://stackoverflow.com/questions/52108663/microsoft-azure-management-apimanagement-implementation