本文介绍了如何通过 AAD 对 Azure 服务管理请求进行身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!
问题描述
我尝试了 3 种方法都没有结果:
I've tried 3 ways with no result:
- 根据这篇文章 https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx 我已经在 AAD 中注册了具有访问 Azure 服务管理 API 权限的新 Web 应用程序(步骤 1-9)并编写了推荐的两行代码来获取令牌:
- According to this article https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx I've registered new web application in AAD with permissions to Access Azure Service Management API (steps 1-9) and written the recommended two lines of code to acquire the token:
var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri(redirectUri));
,但它失败了,异常:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException was unhandled
Message: An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll
Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
Trace ID: aa2d6962-5aea-4f8e-bed4-9e83c7631887
Correlation ID: f7f1a61e-1720-4243-96fa-cff182150931
- 我也试过了:
var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
var result = context.AcquireToken("https://management.core.windows.net/", new ClientCredential(clientId, clientSecret));
其中 clientSecret 是我的应用程序的秘密应用程序密钥.此版本返回一个令牌,但使用此令牌的请求返回 403 禁止:服务器未能验证请求.验证证书是否有效并与此订阅相关联.
where clientSecret is secret app key of my application. This version returns a token, but requests with this token returns 403 Forbidden:The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
- 最后,我找到了 http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/03/02/authenticating-azure-service-management-api-with-azure-ad-user-credentials.aspx,建议:
var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
// TODO: Replace with your Azure AD user credentials (i.e. admin@contoso.onmicrosoft.com)
string user = "{YOUR-USERID]";
string pwd = "{YOUR-USER-PASSWORD}";
var userCred = new UserCredential(user, pwd);
AuthenticationResult result =
await context.AcquireTokenAsync("https://management.core.windows.net/", clientId, userCred);
但它也会失败,与第一种情况相同......
but it also fails with the same exception as in the first case...
你能帮帮我吗?
推荐答案
在 Azure 门户中创建应用程序时,应将应用程序类型"更改为本地客户端应用程序".
You should change the "Application Type" to "NATIVE CLIENT APPLICATION" while creating the application in the Azure portal.
这篇关于如何通过 AAD 对 Azure 服务管理请求进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!