问题
I am trying to test my ASP.NET Core 2.2 Web API with Postman. My API is protected by Azure AD. I have been using the "Web App your API" Microsoft Azure Sample on GitHub and triple-checked all of the steps.
Using Postman I ask it to get a token using the OAuth2 Implicit flow and I do get a token returned. If I decode the token it seems to contain all the claims I want: aud, upn and scp all make sense.
However, when I then send a request to the API using the returned token I still get a 401.
The API is working because if I remove the [Authorize] attribute I get data returned.
If I try accessing the API with a web client I get an error: MsalUiRequiredException: No account or login hint was passed to the AcquireTokenSilent call. but that makes no sense given that my upn is returned in the token.
Can anyone recommend further action to figure out what's wrong.
UPDATE
On line 381 of TokenAcquisition.cs account is null so when AcquireTokenSilent() is subsequently called the result is null.
回答1:
I abandoned Postman for a while and focused on a web client. I had to rename my Application ID URI in the Azure Portal from https://<company>.onmircrosoft.com/<myapi>/user_impersonation to api://<application_guid>/access_as_user and similarly in my application code. This made TokenAcquisition.cs start returning a token and I got the Web App talking to the API.
I still don't have Postman working though now it returns a message: invalid_client. Probably as I need to use a different flow. Anyhow, I'm happy for the moment.
来源:https://stackoverflow.com/questions/57978358/postman-gets-a-valid-token-but-getting-401-from-api