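I have an internal reporting application that I run in the system context. I want to use the local Azure AD identity to connect to and authenticate against an application that has been configured for Azure AD integration. It looks like there is a certificate on the device that was enrolled by the Azure AD domain join, but how can I use that certificate to obtain a token for the Function App?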
ubof19bj1#
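To enable Function App authentication with an Azure AD Joined App or an Azure AD app, follow these steps:

Add the Azure AD certificate to Key Vault and grant the Azure AD application permission to access the certificate through an access policy or RBAC; see here.

Then run the following code in the PowerShell function HTTP trigger: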
```powershell
using namespace System.Security.Cryptography.X509Certificates

# Define your AppId, TokenURI, and Resource
$AppId = "xxxxb838-6d26a31435cb"
$TokenURI = "https://login.microsoftonline.com/7xxxxf3b-4425-a6b6-09b47643ec58/oauth2/token"
$Resource = "https://management.core.windows.net/"

# Define the URL of the certificate stored in Azure Key Vault
$CertificateUrl = "https://your-keyvault.vault.azure.net/secrets/your-certificate-secret"

# Prepare the body request
$BodyRequest = @{
    grant_type            = "client_credentials"
    client_id             = $AppId
    client_assertion_type = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
    # The token endpoint expects client_assertion to be a JWT signed with the certificate's private key
    client_assertion      = [System.Convert]::ToBase64String((Get-AzKeyVaultCertificateOperation -VaultName "your-keyvault" -CertificateName "your-certificate-name").Result)
    resource              = $Resource
}

# Request the access token from Azure AD
$AccessToken = Invoke-RestMethod -Method Post -Uri $TokenURI -Body $BodyRequest

# Now you can make the request to list all resources
$SubscriptionId = "6912d7a0-bc28-459a-9407-33bbba641c07"
$RequestURI = "https://management.azure.com/subscriptions/$SubscriptionId/resources?api-version=2021-04-01"
$Headers = @{
    Authorization = "Bearer " + $AccessToken.access_token
}
$ResourceRequest = Invoke-RestMethod -Method Get -Uri $RequestURI -Headers $Headers

# Return the results as a response
$Response = @{
    StatusCode = 200
    Body       = $ResourceRequest.value | ConvertTo-Json
}
```
For the same scenario, refer to this SO thread answer.
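For the certificate credential flow discussed above, Azure AD expects the `client_assertion` field to carry a JWT signed with the certificate's private key. The following is an added example, not code from the original answer, that builds such an assertion from an `X509Certificate2`; the function names `ConvertTo-Base64Url` and `New-ClientAssertion` and the 300-second lifetime are assumptions, and loading the certificate (from Key Vault or the local certificate store) is left to the caller.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function ConvertTo-Base64Url([byte[]]$Bytes) {
    # JWT segments use base64url without padding
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Hypothetical helper: returns a signed JWT usable as client_assertion
function New-ClientAssertion {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [string] $TokenUri,
        [int] $LifetimeSeconds = 300   # assumed value; keep assertions short-lived
    )
    # A public-only certificate cannot prove possession of the key
    if (-not $Certificate.HasPrivateKey) {
        throw "Certificate $($Certificate.Thumbprint) has no private key and cannot sign an assertion."
    }
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    $header = @{
        alg = 'RS256'
        typ = 'JWT'
        x5t = ConvertTo-Base64Url ($Certificate.GetCertHash())   # SHA-1 thumbprint identifies the registered cert
    }
    $claims = @{
        aud = $TokenUri                      # audience is the token endpoint itself
        iss = $AppId
        sub = $AppId
        jti = [guid]::NewGuid().ToString()   # unique id per assertion
        nbf = $now
        exp = $now + $LifetimeSeconds
    }
    $enc = [Text.Encoding]::UTF8
    $unsigned = (ConvertTo-Base64Url ($enc.GetBytes(($header | ConvertTo-Json -Compress)))) + '.' +
                (ConvertTo-Base64Url ($enc.GetBytes(($claims | ConvertTo-Json -Compress))))
    $rsa = [RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
    try {
        $sig = $rsa.SignData($enc.GetBytes($unsigned), [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    } finally {
        $rsa.Dispose()
    }
    "$unsigned." + (ConvertTo-Base64Url $sig)
}

# Usage: client_assertion = New-ClientAssertion -Certificate $cert -AppId $AppId -TokenUri $TokenURI
```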