
I am writing a web application that needs to call two APIs (OrderApi and ProductApi). I need to pass a bearer token when calling each API. The client IDs (AAD IDs) are different and are used to generate the bearer token for each API. I am finding it hard to configure authentication for these two different client IDs.

appsettings.json

{
  "AzureAd1": {
    "Instance": "xxxxxxx",
    "ClientId": "ClientId-1",
    "TenantId": "xxxxx",
    "ClientSecret": ""
  },
  "AzureAd2": {
    "Instance": "xxxxxxx",
    "ClientId": "ClientId-2",
    "TenantId": "xxxxx",
    "ClientSecret": ""
  }
}

Code configuration:

        // Typed client for the Order API; the HttpClient injected into OrderService
        // carries this BaseAddress and these default headers.
        services.AddHttpClient<IOrderService, OrderService>(c =>
        {
            c.BaseAddress = new Uri("https://orderapitest.azurewebsites.net/");
            c.DefaultRequestHeaders.Add("Accept", "application/vnd.github.v3+json");
            c.DefaultRequestHeaders.Add("User-Agent", "HttpClientFactory-Sample");
        });

        // Typed client for the Product API, injected into ProductService.
        services.AddHttpClient<IProductService, ProductService>(c =>
        {
            c.BaseAddress = new Uri("https://prodcutapitest.azurewebsites.net/");
            c.DefaultRequestHeaders.Add("Accept", "application/vnd.github.v3+json");
            c.DefaultRequestHeaders.Add("User-Agent", "HttpClientFactory-Sample");
        });

        services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
            .AddMicrosoftIdentityWebApp(appsettingsConfig, "AzureAd1")
            .EnableTokenAcquisitionToCallDownstreamApi(new string[] { "user.read" })
            .AddDownstreamWebApi("OrderApi", appsettingsConfig.GetSection("OrderApiUrl"))
            .AddInMemoryTokenCaches();

The authentication above refers to "AzureAd1" from appsettings, which will be used to generate the bearer token for the Order API. How do I add authentication that reads the "AzureAd2" settings and generates a token for the Product API?

Calling Web API 1:

using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Web;

public class OrderService : IOrderService
{
    // Typed client registered via AddHttpClient<IOrderService, OrderService>; its BaseAddress is the Order API.
    private readonly HttpClient _httpClient;
    private readonly ITokenAcquisition _tokenAcquisition;

    public OrderService(HttpClient client, ITokenAcquisition tokenAcquisition)
    {
        this._httpClient = client;
        this._tokenAcquisition = tokenAcquisition;
    }

    // requestUrl is a path relative to the typed client's BaseAddress, e.g. "GetOrder".
    public async Task<HttpResponseMessage> GetData(string requestUrl)
    {
        string[] scopes = new string[] { "user.read" };
        string accessToken = await this._tokenAcquisition.GetAccessTokenForUserAsync(scopes);

        // Use the access token to call a protected web API through the injected client,
        // attaching the bearer token to this request only.
        using var request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        return await this._httpClient.SendAsync(request);
    }
}

Web API 2:

using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Web;

public class ProductService : IProductService
{
    // Typed client registered via AddHttpClient<IProductService, ProductService>; its BaseAddress is the Product API.
    private readonly HttpClient _httpClient;
    private readonly ITokenAcquisition _tokenAcquisition;

    public ProductService(HttpClient client, ITokenAcquisition tokenAcquisition)
    {
        this._httpClient = client;
        this._tokenAcquisition = tokenAcquisition;
    }

    // requestUrl is a path relative to the typed client's BaseAddress, e.g. "GetProduct".
    public async Task<HttpResponseMessage> GetData(string requestUrl)
    {
        string[] scopes = new string[] { "user.read" };
        string accessToken = await this._tokenAcquisition.GetAccessTokenForUserAsync(scopes);

        // Use the access token to call a protected web API through the injected client,
        // attaching the bearer token to this request only.
        using var request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        return await this._httpClient.SendAsync(request);
    }
}

The OrderService and ProductService code above generates bearer tokens using the "AzureAd1" settings. I want OrderService to use "AzureAd1" and ProductService to use "AzureAd2" to generate bearer tokens. TokenAcquisition should generate the bearer token for the corresponding settings (client ID and secret) and call the API. How do I do that?


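One way to wire the two registrations, as an added example that is neither the question's code nor a Microsoft sample: each app registration becomes its own authentication scheme, and each typed HttpClient gets a DelegatingHandler bound to exactly one scheme and one API's scopes, so the service classes never handle tokens and a token minted for one API cannot be attached to a call to the other. Assumptions: a Microsoft.Identity.Web version in which AddMicrosoftIdentityWebApp accepts openIdConnectScheme and cookieScheme arguments and ITokenAcquisition.GetAccessTokenForUserAsync accepts an authenticationScheme argument (check the installed version); the scheme names, the api://.../access_as_user scopes, the service interfaces and the AddTwoDownstreamApis helper are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

// Attaches the bearer token of ONE scheme for ONE API to every request that goes
// through the typed HttpClient it is registered on.
public sealed class BearerTokenHandler : DelegatingHandler
{
    private readonly ITokenAcquisition _tokenAcquisition;
    private readonly string _authenticationScheme;
    private readonly string[] _scopes;

    public BearerTokenHandler(ITokenAcquisition tokenAcquisition, string authenticationScheme, string[] scopes)
    {
        _tokenAcquisition = tokenAcquisition;
        _authenticationScheme = authenticationScheme;
        _scopes = scopes;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Delegated (signed-in user) token taken from the cache that belongs to this scheme.
        // Assumption: the installed Microsoft.Identity.Web exposes the authenticationScheme parameter.
        string token = await _tokenAcquisition.GetAccessTokenForUserAsync(
            _scopes, authenticationScheme: _authenticationScheme);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await base.SendAsync(request, cancellationToken);
    }
}

// Hypothetical service shapes: they only know a relative path; base address and
// token come from the registration below.
public interface IOrderService { Task<HttpResponseMessage> GetOrderAsync(); }
public interface IProductService { Task<HttpResponseMessage> GetProductAsync(); }

public sealed class OrderService : IOrderService
{
    private readonly HttpClient _http;
    public OrderService(HttpClient http) => _http = http;
    public Task<HttpResponseMessage> GetOrderAsync() => _http.GetAsync("GetOrder");
}

public sealed class ProductService : IProductService
{
    private readonly HttpClient _http;
    public ProductService(HttpClient http) => _http = http;
    public Task<HttpResponseMessage> GetProductAsync() => _http.GetAsync("GetProduct");
}

public static class DownstreamApiRegistration
{
    // Hypothetical scheme names: one OpenID Connect scheme plus one cookie scheme per app registration.
    public const string OrderScheme = "AzureAd1";
    public const string ProductScheme = "AzureAd2";

    // Hypothetical scopes: each API exposes its own scope so the token's audience is that API.
    // A "user.read" token is issued for Microsoft Graph, not for a custom API.
    private static readonly string[] OrderScopes = { "api://ClientId-1/access_as_user" };
    private static readonly string[] ProductScopes = { "api://ClientId-2/access_as_user" };

    public static IServiceCollection AddTwoDownstreamApis(this IServiceCollection services, IConfiguration config)
    {
        // Registration 1 ("AzureAd1" section) is the default sign-in scheme.
        services.AddAuthentication(OrderScheme)
            .AddMicrosoftIdentityWebApp(config, configSectionName: "AzureAd1",
                openIdConnectScheme: OrderScheme, cookieScheme: OrderScheme + "Cookie")
            .EnableTokenAcquisitionToCallDownstreamApi(OrderScopes)
            .AddInMemoryTokenCaches();

        // Registration 2 ("AzureAd2" section) is a second, independent scheme with its own cookie.
        services.AddAuthentication()
            .AddMicrosoftIdentityWebApp(config, configSectionName: "AzureAd2",
                openIdConnectScheme: ProductScheme, cookieScheme: ProductScheme + "Cookie")
            .EnableTokenAcquisitionToCallDownstreamApi(ProductScopes)
            .AddInMemoryTokenCaches();

        // Each typed client gets its own handler, bound to its own scheme and scopes.
        services.AddHttpClient<IOrderService, OrderService>(c =>
                c.BaseAddress = new Uri("https://orderapitest.azurewebsites.net/"))
            .AddHttpMessageHandler(sp => new BearerTokenHandler(
                sp.GetRequiredService<ITokenAcquisition>(), OrderScheme, OrderScopes));

        services.AddHttpClient<IProductService, ProductService>(c =>
                c.BaseAddress = new Uri("https://prodcutapitest.azurewebsites.net/"))
            .AddHttpMessageHandler(sp => new BearerTokenHandler(
                sp.GetRequiredService<ITokenAcquisition>(), ProductScheme, ProductScopes));

        return services;
    }
}
```

Two caveats before copying this. First, an authorization code issued to ClientId-1 cannot be redeemed by ClientId-2, so with two OpenID Connect schemes the user signs in once per scheme (each has its own cookie and its own cached tokens); if the real requirement is only to call two APIs, a single app registration that is granted both APIs' permissions under one scheme avoids the second sign-in entirely. Second, IHttpClientFactory builds handler pipelines in its own service scope, not the request scope, so this pattern relies on Microsoft.Identity.Web's TokenAcquisition locating the current user through IHttpContextAccessor; if that does not hold for your version, acquire the token in the service class (as in the question) with the authenticationScheme argument instead of in a handler.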