
Azure MySQL HTTP REST API: getting a JSON Web Token

  •  0
  • fuegonju  · Tech community  · 7 years ago

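    I am trying to connect to my Azure MySQL through the HTTP REST API ( https://docs.microsoft.com/en-us/rest/api/mysql/ ) without success. The problem is that I cannot get the JSON Web Token from my web app. The situation:

    Azure Web App --- REST API ---> Azure MySQL

    I think I need to "register" this MySQL server resource in Active Directory, but it seems I can't do that.

    https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2 ) but I have the same problem: I cannot register MySQL in Azure Active Directory.

    So, how can I get a JSON Web Token for the MySQL HTTP REST API?

    Thanks

    -------- AD proprietary role for the MySQL resource (not the MySQL server) -- [image]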

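    //
    // https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2/
    //
    using System;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL: AuthenticationContext, ClientCredential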
    public static class AzureActiveDirectory
    {
        // the AD Authority used for login.  For example: https://login.microsoftonline.com/myadnamehere.onmicrosoft.com 
        public static string authority = "";
        // the Application ID of this app.  This is a guid you can get from the Advanced Settings of your Auth setup in the portal
        public static string clientId = "";
        // the key you generate in Azure Active Directory for this application
        public static string clientSecret = "";
        // the Application ID of the app you are going to call. This is a guid you can get from the Advanced Settings of your Auth setup for the target app in the portal
        public static string resource = "";
    
    
        static public async Task<AuthenticationResult> GetS2SAccessTokenForProdMSAAsync()
        {
            var task =  await GetS2SAccessToken(authority, resource, clientId, clientSecret);
            return task;
        }
    
        static async Task<AuthenticationResult> GetS2SAccessToken(string authority, string resource, string clientId, string clientSecret)
        {
            var clientCredential = new ClientCredential(clientId, clientSecret); 
            AuthenticationContext context = new AuthenticationContext(authority, false); 
            AuthenticationResult authenticationResult = await context.AcquireTokenAsync(
                resource,  // the resource (app) we are going to access with the token
                clientCredential);  // the client credentials
            return authenticationResult; 
        }
    
    }

            AzureActiveDirectory.authority = "https://login.microsoftonline.com/********/";
            AzureActiveDirectory.clientId = "********";                                             
            AzureActiveDirectory.clientSecret = "********";
            AzureActiveDirectory.resource = "https://management.azure.com/";
    
            try
            {
    
    
                AuthenticationResult token = await AzureActiveDirectory.GetS2SAccessTokenForProdMSAAsync();
    
                HttpClient client = new HttpClient();
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", "Bearer " + token.AccessToken);
                var resp = await client.GetAsync("https://management.azure.com/subscriptions/*******/resourceGroups/MYSQL/providers/Microsoft.DBforMySQL/servers/shoplister/firewallRules?api-version=2017-12-01");
    
                Console.WriteLine(resp.StatusCode.ToString());
                Console.WriteLine();
    
            }
            catch (Exception e) { Console.WriteLine(e); }
    

    --------------- After the change, now Unauthorized ------------

    [image]

    1 answer  |  last activity 7 years ago
  •  0
  •   juunas    7 years ago

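    I am collecting the main points from our discussion that led to a solution:

    • Use https://management.azure.com as the resource
    • Use https://login.microsoftonline.com/tenant-id-here/ as the authority (you can also use a verified domain name instead of the id). This defines which AAD tenant you authenticate against
    • The access token must be attached with new AuthenticationHeaderValue("Bearer", token.AccessToken) in C#, so that the resulting header is Authorization: Bearer tokengoeshere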
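
The two header forms from this thread side by side, together with a local check that the token's aud claim matches the resource it was requested for. This is an added example, not code from the question or the answer: the class name ArmTokenCheck, its helpers and the sample token are constructed for illustration, and it assumes a runtime that ships System.Text.Json.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

public static class ArmTokenCheck // hypothetical name, not from the thread
{
    // Decode the JWT payload WITHOUT verifying the signature: a local diagnostic only.
    public static JsonElement ReadPayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // True when the token's aud claim is the resource it was requested for.
    public static bool IsForResource(string jwt, string resource)
    {
        return ReadPayload(jwt).TryGetProperty("aud", out JsonElement aud)
            && aud.ValueKind == JsonValueKind.String
            && string.Equals(aud.GetString().TrimEnd('/'), resource.TrimEnd('/'),
                             StringComparison.OrdinalIgnoreCase);
    }

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed, unsigned sample token; a real one comes from AcquireTokenAsync.
        string jwt = B64Url("{\"alg\":\"none\"}") + "."
            + B64Url("{\"aud\":\"https://management.azure.com/\"}") + ".constructed";
        Console.WriteLine("aud ok: " + IsForResource(jwt, "https://management.azure.com"));

        // First constructor argument is the scheme, second is the credential.
        var asPosted = new AuthenticationHeaderValue("Authorization", "Bearer " + jwt);
        var corrected = new AuthenticationHeaderValue("Bearer", jwt);
        var request = new HttpRequestMessage(HttpMethod.Get, "https://management.azure.com/");
        request.Headers.Authorization = corrected;

        Console.WriteLine("as posted  scheme: " + asPosted.Scheme);
        Console.WriteLine("corrected  scheme: " + corrected.Scheme);
        Console.WriteLine("sent header starts: Authorization: " + request.Headers.Authorization.Scheme + " ...");
    }
}
```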