如何在同一應用程序中驗證/授權MVC Web應用程序和Web API

Question

我們已經開發了一個使用asp.net MVC框架和Azure活動目錄進行身份驗證/授權的Web應用程序。 現在的問題是我們要在該webapp中使用api。爲了驗證web api，我們可以使用與我們成功授權webapp web應用程序時相同的請求令牌。

感謝， Tamilselvan S.

Answer 1

您可以添加對Web應用程序的多個認證中間件支持OWIN。要同時支持cookie和認證，請參考以下代碼：

app.UseWindowsAzureActiveDirectoryBearerAuthentication(
    new WindowsAzureActiveDirectoryBearerAuthenticationOptions 
    { 
     Audience = ConfigurationManager.AppSettings["ida:Audience"], 
     Tenant = ConfigurationManager.AppSettings["ida:Tenant"], 
}); 

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions 
    { 

     ClientId = clientId, 
     Authority = Authority, 
     Notifications = new OpenIdConnectAuthenticationNotifications() 
     { 
      RedirectToIdentityProvider = (context) => 
      { 
       // This ensures that the address used for sign in and sign out is picked up dynamically from the request 
       // this allows you to deploy your app (to Azure Web Sites, for example)without having to change settings 
       // Remember that the base URL of the address used here must be provisioned in Azure AD beforehand. 
       string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase; 
       context.ProtocolMessage.RedirectUri = appBaseUrl + "/"; 
       context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl; 

       return Task.FromResult(0); 
      }, 

      AuthenticationFailed = (context) => 
      { 
       // Suppress the exception if you don't want to see the error 
       context.HandleResponse(); 

       return Task.FromResult(0); 
      } 

     }, 
     TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters 
     { 
      ValidateIssuer = false, 
     } 

    });