Azure API Authentication

2019-01-27 05:15发布

问题:

I am using Azure API's in C# code and used below libraries

using Microsoft.Rest; using Microsoft.Rest.Azure.Authentication;

using Microsoft.Azure.Management.DataLake.Store;

using Microsoft.Azure.Management.DataLake.StoreUploader;

using Microsoft.Azure.Management.DataLake.Analytics;

using Microsoft.Azure.Management.DataLake.Analytics.Models;

using Microsoft.WindowsAzure.Storage.Blob;

To create connection with Azure,

    private static ServiceClientCredentials AuthenticateAzure(string domainName, string nativeClientAppCLIENTID)
    {
        // User login via interactive popup
        SynchronizationContext.SetSynchronizationContext(new SynchronizationContext());
        // Use the client ID of an existing AAD "Native Client" application.
        var activeDirectoryClientSettings = ActiveDirectoryClientSettings.UsePromptOnly(nativeClientAppCLIENTID, new Uri("urn:ietf:wg:oauth:2.0:oob"));
        return UserTokenProvider.LoginWithPromptAsync(domainName, activeDirectoryClientSettings).Result;
    }

Through this I got the popup, which ask my credentials. I don't want this pop-up appears every time. Is there any way to come up with this thing beside creating Azure app?

======================================

I have application ID, TenantId and other thing. Will this help me to authenticate to azure without prompt?

回答1:

We can use the function UserTokenProvider.LoginSilentAsync(nativeClientAppClientid, domainName, userName, password) to get our credentials without pop-up. It works fine for me, the following is my test code. How to registry WebApp please refer to the document.

    static void Main(string[] args)
    {
        var certificate = AuthenticateAzure("your domain name", "Ad App client ID", "username", "password");
    }

    /// <summary>
    ///  Log in to azure active directory in non-interactive mode using organizational
    //   id credentials and the default token cache. Default service settings (authority,
    //   audience) for logging in to azure resource manager are used.
    /// </summary>
    /// <param name="domainName"> The active directory domain or tenant id to authenticate with</param>
    /// <param name="nativeClientAppClientid">  The active directory client id for this application </param>
    /// <param name="userName"> The organizational account user name, given in the form of a user principal name  (e.g. user1@contoso.org).</param>
    /// <param name="password"> The organizational account password.</param>
    /// <returns>A ServiceClientCredentials object that can be used to authenticate http requests  using the given credentials.</returns>
    private static ServiceClientCredentials AuthenticateAzure(string domainName, string nativeClientAppClientid,string userName,string password)
    {
       return UserTokenProvider.LoginSilentAsync(nativeClientAppClientid, domainName, userName, password).Result;
    }

Update:

More details steps about how to registry AD App and assign role to application, please refer to document. After that we can get tenantId, appId, secretKey from the Azure Portal. Then we can use Microsoft.IdentityModel.Clients.ActiveDirectory SDK to get token for api authentication.

Demo code:

var subscriptionId = "Your subscrption";
var appId = "Registried Azure Application Id";
var secretKey = "Secret Key";
var tenantId = "tenant Id";
var context = new AuthenticationContext("https://login.windows.net/" + tenantId);
ClientCredential clientCredential = new ClientCredential(appId, secretKey );
var tokenResponse = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result;
var accessToken = tokenResponse.AccessToken;
using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Add("Authorization", "Bearer " + accessToken); 
    client.BaseAddress = new Uri("https://management.azure.com/");
    // Now we can party with our HttpClient!
}