我想使用Azure AD向我的应用程序添加身份验证
I want to add authentication to my app using Azure AD
现在我的流程就像
用户-> AngularApp-> Azure登录->带有令牌的AngularApp->调用带有令牌的后端API->每次调用API后端都会使用Azure验证令牌
User -> AngularApp -> Azure Login -> AngularApp w/token -> API Call to backend w/token -> API Backend verifies token with Azure each call
我有以下问题:
推荐答案
有更好的方法吗?
Is there a better way to do this?
这是标准方式.
每个API调用均经过天蓝色验证.是必需的吗?
Every API call is verified with azure. Is is required?
您的API后端不会每次都使用AAD验证令牌. 它将在启动时下载Azure AD的公共签名密钥(如果使用标准组件),并使用它们来验证令牌.
Your API back-end does not verify the token with AAD each time. It downloads the public signing keys for Azure AD at startup (if you use standard components), and verifies the token using them.
我应该为UI和API使用两个不同的客户端ID吗?
Should i have two different client id for UI and API?
通过新的App注册体验创建v2应用程序时,可以很好地在单个应用程序中定义前端和后端API. 您还可以将它们定义为单独的应用.
When you make a v2 application through the new App registrations experience, you can define the front-end and back-end API in a single app quite nicely. You can also define them as separate apps.
更多推荐
带有Angular和.NETCore2 WEBAPI的Azure AD Auth
发布评论