Authentication in a mobile app with Azure Functions

Problem description:

I am trying to develop a serverless backend for my Xamarin app, and for that I chose Azure Functions. Now I already know that Azure Mobile Apps provides an SDK for this purpose, with which we can easily enable authentication in multiple ways, which are the following: 1. Azure Active Directory 2. Facebook 3. Google 4. Microsoft 5. Twitter

Now I want to allow login with at least 2 of these in my app, but I am not using Azure Mobile Apps as the backend; instead I am using Azure Functions. So how can I achieve the same result with serverless?

Thanks.

AFAIK, when using Easy Auth (Authentication/Authorization in App Service), the user would be directed to {your-app-service-url}/.auth/login/{provider} for logging in with server-managed authentication. Users who interact with your web application through the web browser would have a cookie, and they can remain authenticated as they browse your web application. For other clients (e.g. a mobile client), a JWT would be contained in the x-zumo-auth header, and the Mobile Apps client SDK would handle it for you.

According to your scenario, you are trying to use user-based authentication with your function. I did some tests; you could refer to them:

Firstly, I created an HttpTrigger function written in C#, then set the Authorization level to Anonymous.

return req.CreateResponse(HttpStatusCode.OK, req.Headers,JsonMediaTypeFormatter.DefaultMediaType);

Note: I just return all headers, along with the special headers specified by App Service Authentication / Authorization. Some example headers include:

  • X-MS-CLIENT-PRINCIPAL-NAME
  • X-MS-CLIENT-PRINCIPAL-ID
  • X-MS-TOKEN-MICROSOFTACCOUNT-ACCESS-TOKEN
  • X-MS-TOKEN-MICROSOFTACCOUNT-EXPIRES-ON

For more details, you could refer to App Service Token Store.

Then I go to Platform features and configure the Microsoft Authentication Provider under Authentication / Authorization. For the mobile client, just use the Mobile Apps client SDK for logging in and invoke the function endpoint as follows:

In summary, you could use the Mobile Apps client SDK for authentication with your function app. You could configure the Authentication Providers as you wish; then, for your mobile client, you could set the related provider name when calling LoginAsync for logging in. For your function, you could check the X-MS-CLIENT-PRINCIPAL-IDP header and retrieve the current user info and token for the specific provider.
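
The header check described in the answer above, as an added example that is not part of the original post: a helper for an Anonymous-level HttpTrigger that rejects requests carrying no App Service principal and accepts only the providers the app enabled. The class and method names, the provider list, the `microsoftaccount` and `google` values, and the derived token header name are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;

public static class EasyAuthHeaders
{
    // Assumption: the two providers this app enabled, named as in /.auth/login/{provider}.
    static readonly HashSet<string> AllowedProviders =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "microsoftaccount", "google" };

    static string Header(HttpRequestMessage req, string name)
    {
        IEnumerable<string> values;
        return req.Headers.TryGetValues(name, out values) ? values.FirstOrDefault() : null;
    }

    // 401 when App Service attached no principal (an Anonymous-level function still runs
    // for such requests if the app allows unauthenticated access), 403 for a provider the
    // app does not accept, otherwise 200 with the caller's identity.
    public static HttpResponseMessage Authorize(HttpRequestMessage req)
    {
        string idp = Header(req, "X-MS-CLIENT-PRINCIPAL-IDP");
        string id = Header(req, "X-MS-CLIENT-PRINCIPAL-ID");
        if (string.IsNullOrEmpty(idp) || string.IsNullOrEmpty(id))
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        if (!AllowedProviders.Contains(idp))
            return new HttpResponseMessage(HttpStatusCode.Forbidden);

        // Assumption: token header names follow the page's X-MS-TOKEN-MICROSOFTACCOUNT-* pattern.
        string token = Header(req, "X-MS-TOKEN-" + idp.ToUpperInvariant() + "-ACCESS-TOKEN");
        string name = Header(req, "X-MS-CLIENT-PRINCIPAL-NAME");
        // Use the token server-side only; the response carries identity, never the token.
        string body = string.Format("{0}:{1} ({2}), token present: {3}", idp, id, name, token != null);
        return new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(body) };
    }

    public static void Main()
    {
        // Constructed sample requests; all header values are made up.
        var anon = new HttpRequestMessage(HttpMethod.Get, "https://example.invalid/api/whoami");
        var user = new HttpRequestMessage(HttpMethod.Get, "https://example.invalid/api/whoami");
        user.Headers.Add("X-MS-CLIENT-PRINCIPAL-IDP", "microsoftaccount");
        user.Headers.Add("X-MS-CLIENT-PRINCIPAL-ID", "constructed-user-id");
        user.Headers.Add("X-MS-CLIENT-PRINCIPAL-NAME", "user@example.invalid");
        user.Headers.Add("X-MS-TOKEN-MICROSOFTACCOUNT-ACCESS-TOKEN", "constructed-token");
        Console.WriteLine((int)Authorize(anon).StatusCode);
        Console.WriteLine(Authorize(user).Content.ReadAsStringAsync().Result);
    }
}
```

Unlike the test function in the answer, which echoes every request header, this helper keeps the provider access token out of the response body.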