I implemented a test Windows application following the official documentation: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application
The following code is the result:
    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using Microsoft.Identity.Client;

    IPublicClientApplication clientApp = PublicClientApplicationBuilder
        .Create("Native App Client Id")
        .WithRedirectUri("http://localhost")
        .WithAuthority("https://login.microsoftonline.com/<My Tenant ID>")
        .Build();
    Microsoft.Identity.Client.AuthenticationResult authResult = null;
    var accounts = await clientApp.GetAccountsAsync();
    IAccount account = accounts.FirstOrDefault();
    IEnumerable<string> scopes = new string[] { "api://<APP Proxy Uri>/user_impersonation" };
    try
    {
        // Try the token cache first.
        authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync();
    }
    catch (MsalUiRequiredException)
    {
        // No usable cached token: fall back to interactive sign-in.
        authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync();
    }
    if (authResult != null)
    {
        // Call the API behind Application Proxy with the access token as a bearer token.
        HttpClient httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        HttpResponseMessage response = await httpClient.GetAsync("App Proxy based URL" + "/api/values");
    }
Everything works fine until the HTTP request with the token is redirected to login.microsoft.com. Error:
Redirect URI to login.microsoft.com: {https://login.microsoftonline.com/9966XXXXXXXXXXXXXXXXXXXXXXXX/oauth2/authorize?response_type=code&client_id=XXXXXXXXXXXX&scope=openid&nonce=983XXXXXXXXXXXXXX&redirect_uri=https:%2f%2fXXXXXXX.msappproxy.net%2f&state=AppProxyState :{"InvalidTokenRetry":true%2c"IsMsofba":false%2c"OriginalRawUrl":"https:%5c%2f%5c%2fXXXXXXXXXXXXXXX.msappproxy.net%5c%2fapi%5c%2fvalues"%2c"RequestProfileId": "XXXXXXXXX"}%23EndOfStateParam%23&client-request-id=XXXXXXXX}
Any ideas what is wrong? Browser access works fine, and the JWT token is also completely valid and is passed correctly.
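
A diagnostic sketch for the redirect described in the post, added here as an example (it is not the poster's code and not taken from Microsoft's documentation): it extracts the AppProxyState JSON from the redirect's state parameter and decodes the token payload so that aud and scp can be compared with the App Proxy URL. The class and method names, the sample redirect and the sample token are constructed; System.Text.Json (.NET Core 3.1 or later) is assumed.

```csharp
using System;
using System.Text;
using System.Text.Json;
static class AppProxyRedirectDiag
{
    // Extract the AppProxyState JSON carried in the redirect's "state" parameter.
    public static JsonElement ParseState(string location)
    {
        string query = location.Substring(location.IndexOf('?') + 1);
        foreach (string pair in query.Split('&'))
        {
            if (!pair.StartsWith("state=", StringComparison.Ordinal)) continue;
            string state = Uri.UnescapeDataString(pair.Substring("state=".Length));
            int start = state.IndexOf('{'), end = state.LastIndexOf('}');
            using JsonDocument doc = JsonDocument.Parse(state.Substring(start, end - start + 1));
            return doc.RootElement.Clone();
        }
        throw new FormatException("no state parameter in redirect URL");
    }

    // Decode (without validating) the JWT payload to read aud and scp.
    public static JsonElement JwtPayload(string jwt)
    {
        string p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(p)));
        return doc.RootElement.Clone();
    }

    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed samples in the shape shown in the post. In the real app, use
        // response.Headers.Location.OriginalString from an HttpClient built on
        // HttpClientHandler { AllowAutoRedirect = false }, and authResult.AccessToken.
        string location = "https://login.microsoftonline.com/TENANT/oauth2/authorize?response_type=code"
            + "&state=AppProxyState:{\"InvalidTokenRetry\":true%2c\"IsMsofba\":false%2c\"OriginalRawUrl\":"
            + "\"https:%5c%2f%5c%2fexample.msappproxy.net%5c%2fapi%5c%2fvalues\"}%23EndOfStateParam%23";
        string jwt = B64Url("{\"alg\":\"none\"}") + "."
            + B64Url("{\"aud\":\"api://example-app\",\"scp\":\"user_impersonation\"}") + ".sig";
        JsonElement state = ParseState(location), claims = JwtPayload(jwt);
        Console.WriteLine($"InvalidTokenRetry = {state.GetProperty("InvalidTokenRetry").GetBoolean()}");
        Console.WriteLine($"OriginalRawUrl    = {state.GetProperty("OriginalRawUrl").GetString()}");
        Console.WriteLine($"aud = {claims.GetProperty("aud").GetString()}, scp = {claims.GetProperty("scp").GetString()}");
    }
}
```

The payload is only decoded, not signature-checked, so use this for inspection during debugging and never as an authorization decision.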