Azure API管理返回状态500,启用“要求”要求“要求”关于Azure功能企业应用程序属性
我有一个应用程序,我需要通过APIM以及通过Azure AD身份验证直接访问API。启用所需切换的分配后,我再也无法通过APIM获得预期响应。
我已经完成了在列出的azure函数中添加应用程序角色的步骤API-App-Registration“ rel =“ nofollow noreferrer”>在此,授予APIM应用程序注册的上述角色,并授予该APP注册管理员同意指定角色。在授予APIM应用程序注册之后,在用户/应用程序列表中显示了我需要访问的Azure功能的企业应用程序中所期望的,但是我仍然会收到状态500响应。
如果我将“所需分配”切换回“否”,我可以再次通过APIM访问API,但是直接访问API的应用程序不再限于选定的用户。
我需要直接访问API和APIM的原因是我将APIM与证书进行身份验证,在该验证中,我直接将API与Azure AD Authentication一起使用。如果有一种更有效的方法来使用两种形式的身份验证,我将非常愿意走这条路,但是我还没有看到另一个解决方案。
看来,跟踪返回,APIM的企业应用程序ID无法访问Azure函数。
"Authentication failed for Active Directory Tenant: 'https://login.windows.net/'","AADSTS501051: Application ''(ApiManagementProduction) is not assigned to a role for the application ''(FillDataAPIProduction).\r\nTrace ID: fcf459cd-7b76-4e84-a51d-ae5bd0c2ed00\r\nCorrelation ID: ad674aa5-4bd8-41fd-a293-ca43f1335c0d\r\nTimestamp: 2022-05-11 19:45:48Z"
I have an application where I need both access via APIM as well as directly to the API via Azure AD authentication. After enabling the Assignment required toggle I can no longer get an expected response via APIM.
I've gone through the steps of adding an app role in my azure function listed here , granting said role to the APIM app registration, and granting that app registration admin consent for the specified role. After granting the APIM app registration shows in the list of users/applications as I would expect in the enterprise application for the azure function it needs to access, but I still receive the status 500 response.
If I toggle the "Assignment required" back to "No" I can immediately access the api via APIM again, but the application with direct access to the api is no longer restricted to selected users.
The reason I need access to both the API directly and APIM is I am using APIM with certificates to authenticate, where I use the API directly with azure AD authentication. If there is a more efficient way to use both forms of authentication I would be more than willing to go that route, I however have yet to see another solution.
It appears that the trace returns that the Enterprise application id of the APIM does not have access to the azure function.
"Authentication failed for Active Directory Tenant: 'https://login.windows.net/'","AADSTS501051: Application ''(ApiManagementProduction) is not assigned to a role for the application ''(FillDataAPIProduction).\r\nTrace ID: fcf459cd-7b76-4e84-a51d-ae5bd0c2ed00\r\nCorrelation ID: ad674aa5-4bd8-41fd-a293-ca43f1335c0d\r\nTimestamp: 2022-05-11 19:45:48Z"
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
PLESE检查以下步骤是否有助于:
。 >根据此 Microsoft文档,如果未分配客户端应用程序的任何应用程序角色,则Azure Active Directory返回此类错误消息。
示例:
步骤1 :在{API GUID}上添加新的应用程序角色:
此处Strong>步骤2 :分配应用程序{API GUID}此角色并提供管理员同意,以便应用程序注册(API GUID)具有为用户创建访问令牌的作用。
Plese check if the below steps help to:
According to this Microsoft Documentation, If a client application hasn't been assigned any app roles, then Azure Active Directory returns this kind of error message.
Example:
Step 1: Add a new app role on {API GUID}:
Step 2: Assign the App {API GUID} this role and also provide the admin consent so that App Registration (API GUID) got a role to create access token for the users.