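I am using Microsoft.Azure.Mobile.Client in a Xamarin.Forms application because I need offline sync in the app. In Azure, I configured Easy Tables in the App Service, and I need only authenticated users to be able to modify data, so I changed the table permissions and set every permission option to authenticated access only.
App registered in AAD
- Type: Native
- Home page: https://appservice.azurewebsites.net/.auth/login/aad/callback
- App ID: aca9a545-XXXXXXXXXX
- Allowed external redirect URLs: https://appservice.azurewebsites.net/.auth/login/aad/callback
App Service Authentication/Authorization
- Authentication provider: AAD
- Configuration: Advanced
- Client ID: aca9a545-XXXXXXXXXX
- Issuer URL: https://sts.windows.net/-tenant-id-
In the application
I sign the user in and get the token with this code.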
```csharp
string authority = "https://login.microsoftonline.com/common";
string resource = "https://graph.windows.net";
string clientId = "aca9a545-XXXXXXXXXX";
string returnUrl = "https://appservice.azurewebsites.net/.auth/login/aad/callback";
AuthenticationContext ac = new AuthenticationContext(authority);
AuthenticationResult authResult = await ac.AcquireTokenAsync(resource, clientId, new Uri(returnUrl), platformParameters);
```
This code works fine and I get the token value (it opens a window where the user enters credentials and signs in).
```csharp
MobileServiceClient Client = new MobileServiceClient("https://appservice.azurewebsites.net");
string path = Path.Combine(MobileServiceClient.DefaultDatabasePath, "DATA_BASE_NAME");
MobileServiceSQLiteStore Store = new MobileServiceSQLiteStore(path);
Store.DefineTable<Turn>();
// Wait for the local store to finish initializing before using the sync table
await Client.SyncContext.InitializeAsync(Store, new MobileServiceSyncHandler());
IMobileServiceSyncTable<Turn> Table = Client.GetSyncTable<Turn>();
// Hand the AAD access token to App Service for client-directed login
var token = new JObject
{
    { "access_token", authResult.AccessToken }
};
var res = await Client.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, token); // First thread: exception is thrown here
await Client.SyncContext.PushAsync(); // Second thread: if I skip the previous line, an exception is thrown here too
await Table.PullAsync($"allTurns", Table.CreateQuery());
```
This code is where the exceptions are thrown:
First thread exception: The request could not be completed. (Unauthorized)
Request Method: POST, RequestUri: 'https://appservice.azurewebsites.net/.auth/login/aad', Version: 2.0, Content: System.Net.Http.StringContent, Headers: { X-ZUMO-INSTALLATION-ID: e8d8a571-fa9b-4ee8-905b-ca911c3d7d99 Accept: application/json User-Agent: ZUMO/3.1 User-Agent: (lang=Managed; os=Windows Store; os_version=--; arch=X86; version=3.1.50105.0) X-ZUMO-VERSION: ZUMO/3.1 (lang=Managed; os=Windows Store; os_version=--; arch=X86; version=3.1.50105.0) Accept-Encoding: gzip Content-Type: application/json; charset=utf-8 Content-Length: 1736 }
Response StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers: { Set-Cookie: ARRAffinity=3911b1a0a4e4b012ff96f14ba9eb0231188f4dbe20b460dfa5c4e0166d608ed2;Path=/;HttpOnly;Domain=ghc-devtest-appservice.azurewebsites.net Date: Wed, 29 Nov 2017 16:19:31 GMT WWW-Authenticate: Bearer realm="appservice.azurewebsites.net" X-Powered-By: ASP.NET Content-Length: 242 Content-Type: application/json }
Second thread exception: Microsoft.WindowsAzure.MobileServices.Sync.MobileServicePushFailedException: Push operation has failed. See the PushResult for details.
PushResult.Status: Microsoft.WindowsAzure.MobileServices.Sync.MobileServicePushStatus.CancelledByAuthenticationError
PushResult.Errors: empty
Best answer
Method: POST, RequestUri: 'https://appservice.azurewebsites.net/.auth/login/aad', Version: 2.0, Content: System.Net.Http.StringContent, Headers: { X-ZUMO-INSTALLATION-ID: e8d8a571-fa9b-4ee8-905b-ca911c3d7d99 Accept: application/json User-Agent: ZUMO/3.1 User-Agent: (lang=Managed; os=Windows Store; os_version=--; arch=X86; version=3.1.50105.0) X-ZUMO-VERSION: ZUMO/3.1 (lang=Managed; os=Windows Store; os_version=--; arch=X86; version=3.1.50105.0) Accept-Encoding: gzip Content-Type: application/json; charset=utf-8 Content-Length: 1736 }
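According to Authenticate users with the Active Directory Authentication Library, if you have not configured the allowed token audiences, you need to replace the resource with the client ID of your mobile app backend.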
You have created the https://graph.windows.net resource in your code. So you need to add https://graph.windows.net at the position of the red rectangle in the screenshot, as shown below.
You can also use this to decode your access token and verify that it contains https://graph.windows.net access.
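The audience check the answer describes, as an added example that is not part of the original answer or of the Azure SDK: it decodes the token's payload and compares its `aud` claim with the values the backend is configured to accept. The class and method names are hypothetical, the token is constructed and unsigned, exact string matching of `aud` is an assumption, and it uses Newtonsoft.Json (the `JObject` library from the question). The signature is not verified, so this is a diagnostic only.

```csharp
using System;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;

static class TokenAudienceCheck // hypothetical helper, not an SDK type
{
    // Decode one base64url JWT segment ('-' and '_' alphabet, padding stripped).
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url length");
        }
        return Convert.FromBase64String(s);
    }

    // Return the "aud" values of a JWT. Diagnostic only: the signature is NOT verified.
    public static string[] GetAudiences(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        JObject payload = JObject.Parse(Encoding.UTF8.GetString(Base64UrlDecode(parts[1])));
        JToken aud = payload["aud"];
        if (aud == null) return new string[0];
        // "aud" may be a single string or an array of strings.
        return aud.Type == JTokenType.Array ? aud.Select(a => (string)a).ToArray() : new[] { (string)aud };
    }

    // True when at least one "aud" value is in the accepted list (assumed exact match).
    public static bool IsAccepted(string jwt, params string[] accepted) =>
        GetAudiences(jwt).Any(a => accepted.Contains(a, StringComparer.Ordinal));

    // Build a base64url segment for the constructed sample token below.
    static string Seg(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample: aud matches the resource requested in the question's code.
        string jwt = Seg("{\"alg\":\"none\"}") + "." + Seg("{\"aud\":\"https://graph.windows.net\"}") + ".sig";
        string clientId = "aca9a545-XXXXXXXXXX"; // redacted client ID as shown on the page
        Console.WriteLine(string.Join(",", GetAudiences(jwt)));
        Console.WriteLine(IsAccepted(jwt, clientId)); // only the client ID is accepted
        Console.WriteLine(IsAccepted(jwt, clientId, "https://graph.windows.net")); // audience added
    }
}
```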
Regarding azure - Authentication with the Azure Mobile Client LoginAsync method in UWP - Unauthorized, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/47560361/