Azure MySQL HTTP REST API: getting a JSON Web Token

uqzxnwby posted on 2021-06-23 in Mysql

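I am trying to connect to my Azure MySQL through the HTTP REST API (https://docs.microsoft.com/en-us/rest/api/mysql/) without success. The problem is that I cannot get a JSON Web Token from my web app. The situation:
Azure Web App -----REST API----> Azure MySQL
I think I need to 'register' this MySQL server resource in Active Directory, but it seems I cannot do that.
I followed this tutorial (https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2) but I have the same problem: I cannot register MySQL in Azure Active Directory.
So, how do I get a JSON Web Token for the MySQL HTTP REST API?
Thanks!
--------AD private role for the MySQL resource (not the MySQL server)--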

k0pti3hp2#


//
// https://blogs.msdn.microsoft.com/jpsanders/2017/03/17/accessing-azure-app-services-using-azure-ad-bearer-token-2/
//
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class AzureActiveDirectory
{
    // the AD Authority used for login.  For example: https://login.microsoftonline.com/myadnamehere.onmicrosoft.com
    public static string authority = "";
    // the Application ID of this app.  This is a guid you can get from the Advanced Settings of your Auth setup in the portal
    public static string clientId = "";
    // the key you generate in Azure Active Directory for this application
    public static string clientSecret = "";
    // the Application ID of the app you are going to call. This is a guid you can get from the Advanced Settings of your Auth setup for the target app in the portal
    public static string resource = "";

    static public async Task<AuthenticationResult> GetS2SAccessTokenForProdMSAAsync()
    {
        var task = await GetS2SAccessToken(authority, resource, clientId, clientSecret);
        return task;
    }

    static async Task<AuthenticationResult> GetS2SAccessToken(string authority, string resource, string clientId, string clientSecret)
    {
        var clientCredential = new ClientCredential(clientId, clientSecret);
        AuthenticationContext context = new AuthenticationContext(authority, false);
        AuthenticationResult authenticationResult = await context.AcquireTokenAsync(
            resource,  // the resource (app) we are going to access with the token
            clientCredential);  // the client credentials
        return authenticationResult;
    }
}

AzureActiveDirectory.authority = "https://login.microsoftonline.com/********/";
AzureActiveDirectory.clientId = "********";
AzureActiveDirectory.clientSecret = "********";
AzureActiveDirectory.resource = "https://management.azure.com/";

try
{
    AuthenticationResult token = await AzureActiveDirectory.GetS2SAccessTokenForProdMSAAsync();

    HttpClient client = new HttpClient();
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", "Bearer " + token.AccessToken);
    var resp = await client.GetAsync("https://management.azure.com/subscriptions/*******/resourceGroups/MYSQL/providers/Microsoft.DBforMySQL/servers/shoplister/firewallRules?api-version=2017-12-01");

    Console.WriteLine(resp.StatusCode.ToString());
    Console.WriteLine();
}
catch (Exception e) { Console.WriteLine(e); }

stszievb4#

-----Now unauthorized after the change

xmd2e60i5#

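I compiled the key points from our discussion into a solution:
Use https://management.azure.com as the resource identifier when acquiring the access token.
Use https://login.microsoftonline.com/tenant-id-here/ as the authority (you can also use a verified domain name instead of the id). This defines which AAD tenant to authenticate against.
The access token must be attached with new AuthenticationHeaderValue("Bearer", token.AccessToken) in C#, so that the resulting header is Authorization: Bearer tokengoeshere
Finally, make sure you have granted the permissions to the correct app. There can be apps with the same or similar names.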
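
Added example, not part of the thread: when the call still comes back Unauthorized, decoding the token's claims shows whether it was issued for the management API, from the intended tenant, and to the app that was actually granted access. The `TokenCheck` class, the sample IDs and the unsigned token built in `Main` are constructed for illustration; `aud`, `tid`, `appid` and `exp` are the claim names used in Azure AD v1 access tokens.

```csharp
// Added example, not code from the thread; the token built in Main is constructed and unsigned.
using System;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

public static class TokenCheck
{
    // JWT segments are base64url without padding; map back to standard base64.
    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    static string Claim(JsonElement claims, string name) =>
        claims.TryGetProperty(name, out JsonElement v) && v.ValueKind == JsonValueKind.String
            ? v.GetString() : null;

    // Decodes (does NOT verify) the payload; returns null if the claims match,
    // otherwise the first mismatch. Log the claims only, never the token itself.
    public static string Explain(string jwt, string resource, string tenantId, string appId)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return "not a JWT: expected three dot-separated segments";
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(FromBase64Url(parts[1])));
        JsonElement c = doc.RootElement;
        string aud = Claim(c, "aud"), tid = Claim(c, "tid"), app = Claim(c, "appid");
        if (aud == null || aud.TrimEnd('/') != resource.TrimEnd('/'))
            return $"aud is '{aud}', expected '{resource}'";
        if (tid != tenantId) return $"tid is '{tid}', expected tenant '{tenantId}'";
        if (app != appId) return $"appid is '{app}', but access was granted to '{appId}'";
        if (c.TryGetProperty("exp", out JsonElement exp) && exp.ValueKind == JsonValueKind.Number
            && DateTimeOffset.FromUnixTimeSeconds(exp.GetInt64()) <= DateTimeOffset.UtcNow)
            return "token has expired";
        return null;
    }

    public static void Main()
    {
        // Constructed payload: the audience is an app ID, not the management API.
        string payload = "{\"aud\":\"11111111-1111-1111-1111-111111111111\",\"tid\":\"tenant-id-here\",\"appid\":\"my-app-id\"}";
        string jwt = "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
        Console.WriteLine(Explain(jwt, "https://management.azure.com/", "tenant-id-here", "my-app-id"));
        // Scheme and parameter are separate arguments; this prints "Bearer tokengoeshere".
        Console.WriteLine(new AuthenticationHeaderValue("Bearer", "tokengoeshere"));
    }
}
```

The check only reads the payload; signature validation remains the job of the API that receives the token.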
