Problem description
Can Azure Traffic Manager be used with Mobile Apps, especially with social login? I have configured a traffic manager and two app services (say, mobileapp1 and mobileapp2) to work with it. They seem to work pretty nicely with Postman, and the response and everything is working. Now, I have declared the traffic manager's URL as the client in a Xamarin client app, and the app throws an exception when I am logging in to Azure. After logging in to Facebook, when I am passing the token to the server using this line
var user = await client.LoginAsync(MobileServiceAuthenticationProvider.Facebook, token);
it throws an exception at this line saying invalid operation.
In continuation of this doubt: I have two mobile apps connected with one traffic manager. Both of them have Facebook login configured. So, is it supposed to work? What happens if, when the user is registering, he/she is redirected to mobileapp1 and Azure authentication is done there, while in some subsequent attempts the user is redirected to mobileapp2? Does the identity database of mobileapp2 know about the user? This is when I am using the authentication service that comes with the mobile app and not B2C.
Based on your code, you are using client-managed authentication with Azure Mobile Apps. For App Service Authentication / Authorization, such as the mobile client type, a JSON web token (JWT) would be issued to the client and it would be presented in the x-zumo-auth header when sending requests to the mobile backend. For more details, you could refer to How authentication works in App Service. Here is a JWT token when using Azure Traffic Manager with a Mobile App; we could use jwt.io to decode the token:
For the JWT token, it would use the WEBSITE_AUTH_SIGNING_KEY environment variable to sign audience, issuer, Claims. For more details, you could refer to here about how to use custom authentication for your application.
Each Mobile App has a different WEBSITE_AUTH_SIGNING_KEY; you could use kudu and click Environment to find it. Moreover, I tried to update my two mobile apps to use the same sign key, but failed for no permission.
Your LoginAsync would send the following request:
POST https://<yourname>.trafficmanager.net/.auth/login/facebook
Body {"access_token":"<access_token_from_facebook>"}
You could use Fiddler to capture the network trace.
For custom authentication, you could configure the sign key in your web.config file. For social login using the authentication provided by Azure, you could not share the sign key between different mobile apps. Moreover, if you set Routing method to Geographic and your mobile apps are in different geographic locations, I assume that your scenario may work as expected.
UPDATE1:
After some trials, I found you could specify the WEBSITE_AUTH_SIGNING_KEY setting under the "SETTING > Application settings" blade of your mobile app to override the WEBSITE_AUTH_SIGNING_KEY environment variable as follows:
Note: The signing key needs to be a SHA-256 hashed string; you could sync the key between your two mobile apps or generate your custom key. After configuring the setting, you could leverage kudu to check the newest WEBSITE_AUTH_SIGNING_KEY.
UPDATE2:
The official documentation mentions the following about the Performance traffic routing method:
I did some tests that you could refer to. Here are the endpoints under my Traffic Manager profile:
Note: My two mobile apps have configured the same Client Id for my MSA authentication and set the same WEBSITE_AUTH_SIGNING_KEY value under "SETTINGS > Application settings" for encoding / decoding the token.
For my /api/values API endpoint, I just return the WEBSITE_HOSTNAME environment variable as follows:
return Request.CreateResponse(new { WEBSITE_HOSTNAME = Environment.GetEnvironmentVariable("WEBSITE_HOSTNAME") });
For the Performance routing method, all my requests would be routed to bruce-mobile02.azurewebsites.net:
For the Weighted routing method, I configured the same WEIGHT for my two endpoints. Per my test, the requests with the same AuthenticationToken attached as the x-zumo-auth header value for authorization would be routed to my two endpoints as follows:
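The answer's point, that a token issued by one backend only validates on the other when both hold the same WEBSITE_AUTH_SIGNING_KEY, shown as an added example (not part of the original answer and not App Service's own code). It assumes an HS256 JWT keyed with the hex-decoded signing key; the host name, the subject value and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_signing_key() -> str:
    return hashlib.sha256(secrets.token_bytes(32)).hexdigest()  # 64 hex chars from a CSPRNG

def issue_token(key_hex: str, site: str, sub: str, ttl: int = 3600) -> str:
    # Assumption: HS256 keyed with the hex-decoded signing key.
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"iss": site, "aud": site, "sub": sub, "exp": int(time.time()) + ttl})
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    mac = hmac.new(bytes.fromhex(key_hex), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())

def validate_token(token: str, key_hex: str, site: str) -> dict:
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count or bad base64
        raise PermissionError("malformed token") from exc
    # The algorithm is fixed to HS256; the header's alg field is never consulted.
    mac = hmac.new(bytes.fromhex(key_hex), f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(sig, mac.digest()):
        raise PermissionError("signature mismatch")
    claims = json.loads(b64url_decode(body_b64))  # parsed only after the MAC checks out
    if claims.get("exp", 0) <= time.time():
        raise PermissionError("token expired")
    if claims.get("iss") != site or claims.get("aud") != site:
        raise PermissionError("issuer/audience mismatch")
    return claims

def demo() -> dict:
    tm = "https://example.trafficmanager.net/"  # constructed placeholder host
    key1, key2 = new_signing_key(), new_signing_key()
    token = issue_token(key1, tm, "sid:constructed-user")  # login landed on mobileapp1
    backends = {"mobileapp1": key1, "mobileapp2 (own key)": key2, "mobileapp2 (shared key)": key1}
    results = {}
    for name, key in backends.items():
        try:
            validate_token(token, key, tm)
            results[name] = "accepted"
        except PermissionError as exc:
            results[name] = f"rejected: {exc}"
    return results
```

With a shared key, either app can mint tokens the other accepts, so the setting needs the same access control on both apps and has to be rotated on both together.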