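I have been following this tutorial to create a daemon application that calls a custom web API with its own identity, using a CIAM tenant. https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/2-Authorization/3-call-own-api-dotnet-core-daemon/README.md
Everything works; this is the problem I am currently facing.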
// Get the Token acquirer factory instance. By default it reads an appsettings.json
// file if it exists in the same folder as the app (make sure that the
// "Copy to Output Directory" property of the appsettings.json file is "Copy if newer").
var tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
By default, TokenAcquirerFactory.GetDefaultInstance(); reads appsettings.json, but I want to use my own Azure App Configuration instead. I was able to change the following
tokenAcquirerFactory.Services.AddDownstreamApi(ServiceName,
tokenAcquirerFactory.Configuration.GetSection("DownstreamApi"));
to
tokenAcquirerFactory.Services.AddDownstreamApi(ServiceName,
config.GetSection("DownstreamApi")); // this now successfully reads the section from Azure App Configuration; config is a static IConfigurationRoot
I tried the same with the default token factory, but it does not work: TokenAcquirerFactory.GetDefaultInstance(config.GetSection("AzureAd"));
I also tried:
tokenAcquirerFactory.Services.Configure<MicrosoftIdentityApplicationOptions>(option =>
{
config.GetSection("AzureAd").Bind(option);
});
and
tokenAcquirerFactory.Services.AddAuthentication(option =>
{
config.GetSection("AzureAd").Bind(option);
});
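Is there any way to override this? I do not want to store anything in appsettings.json. How can I change this default behavior?
After a small hint from the GitHub repository owner, I managed to get it working.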
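static IConfigurationRoot config;
// Configuration builder that the Azure App Configuration provider is added to.
var builder = new ConfigurationBuilder();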
builder.AddAzureAppConfiguration(options =>
{
options.Connect(configUrl)
.ConfigureKeyVault(kv =>
{
kv.SetCredential(new DefaultAzureCredential());
})
.ConfigureRefresh(refreshOptions =>
{
refreshOptions.Register("ApiApp:IsRefresh", true);
refreshOptions.SetCacheExpiration(TimeSpan.FromSeconds(60));
});
});
config = builder.Build();
var tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
tokenAcquirerFactory.Services.AddDownstreamApi(ServiceName,
config.GetSection("DownstreamApi"));
var clientDescription = new List<CredentialDescription>
{
new CredentialDescription { ClientSecret = config["ClientSecretRedemption"], SourceType = CredentialSource.ClientSecret }
};
tokenAcquirerFactory.Services.Configure<MicrosoftIdentityApplicationOptions>(options =>
{
options.Authority = config["AzureAdAuthority"]; // seems like this is useless and needs to be hardcoded in appsettings.json anyway
options.ClientId = config["AzureAdClientId"];
options.ClientCredentials = clientDescription;
});
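And appsettings.json needs to stay like this; otherwise, if you remove the hardcoded authority you get an object reference exception, and if you remove the whole file, TokenAcquirerFactory.GetDefaultInstance() throws a "Failed to load configuration from file" exception. This is not ideal, but it still loads the values safely from the cloud instead of keeping the actual values in the app.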
{
"AzureAd": {
"Authority": "https://{yourtenanthere}.ciamlogin.com",
"ClientId": "",
"ClientCredentials": [
{
"SourceType": "",
"ClientSecret": ""
}
]
}
}
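Because the answer leaves a placeholder appsettings.json in the project, a pre-commit or CI check can confirm that the file keeps the Authority but never regains a real ClientId or ClientSecret. The script below is an added example, not part of the original post or the tutorial; the function name `check_appsettings`, the "ClientId stays empty" policy, and both sample files are assumptions constructed for illustration.

```python
import json

# Constructed sample: the placeholder file from the post (secrets left empty).
PLACEHOLDER = """
{
  "AzureAd": {
    "Authority": "https://{yourtenanthere}.ciamlogin.com",
    "ClientId": "",
    "ClientCredentials": [{"SourceType": "", "ClientSecret": ""}]
  }
}
"""

# Constructed sample: a file where a secret was pasted back in by mistake.
LEAKY = """
{
  "AzureAd": {
    "Authority": "",
    "ClientId": "",
    "ClientCredentials": [{"SourceType": "ClientSecret", "ClientSecret": "constructed-example-value"}]
  }
}
"""


def check_appsettings(text):
    """Return findings for a checked-in appsettings.json; an empty list means OK."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    azure_ad = doc.get("AzureAd") if isinstance(doc, dict) else None
    if not isinstance(azure_ad, dict):
        return ["AzureAd section is missing"]
    findings = []
    # The post reports an object reference exception once Authority is removed.
    if not str(azure_ad.get("Authority") or "").strip():
        findings.append("AzureAd:Authority is empty or missing")
    # Assumed policy: ClientId stays empty, as in the post's file.
    if str(azure_ad.get("ClientId") or "").strip():
        findings.append("AzureAd:ClientId should come from Azure App Configuration")
    creds = azure_ad.get("ClientCredentials")
    for i, cred in enumerate(creds if isinstance(creds, list) else []):
        if isinstance(cred, dict) and str(cred.get("ClientSecret") or "").strip():
            findings.append(f"AzureAd:ClientCredentials:{i}:ClientSecret is set in the file")
    return findings


if __name__ == "__main__":
    for name, sample in (("placeholder", PLACEHOLDER), ("leaky", LEAKY)):
        print(name, check_appsettings(sample) or "OK")
```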