Azure Active Directory身份验证功能应用程序

本文介绍了Azure Active Directory身份验证功能应用程序的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在通过以下URL对功能应用程序进行Azure活动目录身份验证 www.c-sharpcorner/article/secure-azure-function-with-azure-ad/

I am doing azure active directory authentication for function app by following below URL www.c-sharpcorner/article/secure-azure-function-with-azure-ad/

但是当我通过功能应用程序访问我的网址时 它给了我未经授权的其他权限

But when i hitting my url through function app It is giving unauthorized do i need to do anything else

请找到以下屏幕截图.

感谢您的帮助

推荐答案

如果您的azure函数身份验证级别为匿名或也需要函数密钥，则可以使用访问令牌直接访问Azure函数API.详细步骤如下.

We could use the access token to access your Azure function API directly if your azure function authentication level is anonymous or function key is also required. The detailed steps are as below.

为Azure功能配置Azure AD.请参考 docs.microsoft/zh-cn/azure/azure-functions/functions-how-to-use-azure-function-app-settings#auth .

获取访问令牌

我使用以下代码从使用clientID和clientSecret的AAD获取访问令牌:

I get an access token from AAD using clientID and clientSecret using the following code:

METHOD: POST Url : login.microsoftonline/your directory ID/oauth2/token HEADERS: Content-Type : application/x-www-form-urlencoded BODY: grant_type+=client_credentials&resource+="your Function url"&client_id+++++="the application that your register id"&client_secret+="the key you create"

请注意，根据Azure资源门户网站( resources.azure/ )，默认的allowAudiences为

Please note that according to the Azure Resources portal (resources.azure/), the default allowedAudiences is

{functionAppName}.azurewebsites/.auth/login/aad/callback

所以我添加了{functionAppName}.azurewebsites/作为允许的受众.

So I added the {functionAppName}.azurewebsites/ as allowed audiences.

然后，我可以直接使用访问令牌.我用邮递员对其进行了测试:

Then I can use the access token directly. I tested it with Postman:

请注意，如果您的azure功能认证级别不是匿名的，则需要添加功能密钥

Please note that if your azure function authentication level is not anonymous, you need to add the function key