Web 应用程序使用 Microsoft.Identity.Web 调用具有不同 ClientId 的多个 API

编程问答 2022-04-22

问题描述

我正在编写一个 Web 应用程序,它需要调用两个 API(OrderApi 和 ProductApi)。我需要在调用每个 Api 时传递不记名令牌。为每个 Api 生成不记名令牌的客户端 ID (AAD Id) 是不同的。我发现为这两个不同的客户端 ID 配置身份验证很困难。

AppSetting.json

" "

代码配置:

  "AzureAd1": {
    "Instance": "xxxxxxx","ClientId": "ClientId-1","TenantId": "xxxxx","ClientSecret": ""
  },"AzureAd2": {
    "Instance": "xxxxxxx","ClientId": "ClientId-2","ClientSecret": ""
  }

上述身份验证指的是 appsettings 中的“AzureAd1”,它将用于为 Order Api 生成不记名令牌。如何添加身份验证以读取“AzureAd2”设置并为 Prodcut Api 生成令牌?

调用 Web Api1:

        services.AddHttpClient<IOrderService,OrderService>(c =>
        {
            c.BaseAddress = new Uri("https://orderapitest.azurewebsites.net/");
            c.DefaultRequestHeaders.Add("Accept","application/vnd.github.v3+json");
            c.DefaultRequestHeaders.Add("User-Agent","HttpClientFactory-Sample");
        });

        services.AddHttpClient<IProductService,ProductService>(c =>
        {
            c.BaseAddress = new Uri("https://prodcutapitest.azurewebsites.net/");
            c.DefaultRequestHeaders.Add("Accept","HttpClientFactory-Sample");
        });

        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(appsettingsConfig,"AzureAd1")
            .EnabletokenAcquisitionToCallDownstreamApi(new string[] { "user.read" })
            .AddDownstreamWebApi("OrderApi",appsettingsConfig.GetSection("OrderApiUrl"))
            .AddInMemoryTokenCaches();

Web Api2:

public class OrderService : IOrderService
{
    private readonly HttpClient _httpClient;
    private readonly ITokenAcquisition _tokenAcquisition;

    public OrderService(HttpClient client,ITokenAcquisition tokenAcquisition)
    {
        this._httpClient = client;
        this._tokenAcquisition = tokenAcquisition;
    }

    public async Task<HttpResponseMessage> GetData(string requestUrl)
    {
        string[] scopes = new string[] { "user.read" };
        string accesstoken = await this._tokenAcquisition.GetAccesstokenForUserAsync(scopes);

        // Use the access token to call a protected web API.
        HttpClient httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer",accesstoken);

        return await httpClient.GetAsync($"{OrderApi}/Getorder");
    }
}

以上代码,OrderService 和 ProdcutService,使用“AzureAd1”设置生成不记名令牌。我希望 OrderService 应该使用“AzureAd1”和 ProdcutService 使用“AzureAd2”生成不记名令牌。 tokenAquisition 应该为相应的设置(clientid 和 secret)生成不记名令牌并调用 api。我该怎么做?

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

asp.net-coreazure-web-app-servicedependency-injectionmicrosoft-identity-platformmicrosoft-identity-web