Problem description
I have to authenticate an application against Azure AD. I have created the web API and added it to the Azure AD application section. Changed the manifest file, created a web API and authenticated with the Azure AD and created a Windows form, containing the following code:
    private async void button1_Click(object sender, EventArgs e)
    {
        string authority = "https://login.windows.net/test113.onmicrosoft.com";
        string resourceURI = "https://test113.onmicrosoft.com/ftp";
        string clientID = "5177ef76-cbb4-43a8-a7d0-899d3e886b34";
        Uri returnURI = new Uri("http://keoftp");

        AuthenticationContext authContext =
            new AuthenticationContext(authority);
        AuthenticationResult authResult =
            authContext.AcquireToken(resourceURI, clientID, returnURI);
        string authHeader = authResult.CreateAuthorizationHeader();

        // don't do this in prod
        System.Net.ServicePointManager.ServerCertificateValidationCallback =
            ((s, c, c2, se) => true);

        HttpClient client = new HttpClient();
        HttpRequestMessage request =
            new HttpRequestMessage(HttpMethod.Get, "https://localhost:44300/api/tasks");
        request.Headers.TryAddWithoutValidation("Authorization", authHeader);
        var response = await client.SendAsync(request);
        string responseString = await response.Content.ReadAsStringAsync();
        MessageBox.Show(responseString);
    }
I have an exception:
An exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll but was not handled in user code
Additional information: AADSTS50001: The application named https://test113.onmicrosoft.com/ftp was not found in the tenant named test113.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: e782d60e-b861-46a3-b32b-f3df78396bd0 Correlation ID: b4809815-2755-4de1-bd1b-0221d74fd0f0 Timestamp: 2016-03-17 11:20:08Z
Recommended answer
Resource in the request means the resource which you want to access in the particular tenant. When a native client needs to get a token from Azure Active Directory, it needs to specify the resource it wants a token for. In this scenario the client application wants access to the Web API, so the APP ID URI for the Web API is used as the resource name. After it has the token it also needs to know the URL where the resource can be accessed, in this case the address of the Web API. For example:
    // Resource settings this application wants to access
    private string resource = "https://cloudalloc.com/CloudAlloc.WebAPI";
    private Uri WebAPIUri = new Uri("https://localhost:44313");
Both of these settings can be found in the single sign-on section of the CONFIGURE page for the Web API application in the Azure Management portal.
Click here for more details.
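An added example, not part of the original answer or of ADAL: a small Python triage helper that extracts the requested resource, tenant and correlation ID from an AADSTS50001 message like the one in the question and compares the resource with the App ID URIs registered in the tenant. The function name `triage` is hypothetical and the registered URIs in the sample are constructed for illustration; the real values come from the Web API's configuration in the portal.

```python
import difflib
import re

# Matches the AADSTS50001 text as quoted in the question above.
AADSTS50001 = re.compile(
    r"AADSTS50001: The application named (?P<resource>\S+) "
    r"was not found in the tenant named (?P<tenant>\S+?)\.\s"
)
IDS = re.compile(
    r"Trace ID: (?P<trace>[0-9a-f-]{36})\s+"
    r"Correlation ID: (?P<corr>[0-9a-f-]{36})"
)

# Error text copied from the question.
SAMPLE = (
    "Additional information: AADSTS50001: The application named "
    "https://test113.onmicrosoft.com/ftp was not found in the tenant named "
    "test113.onmicrosoft.com. This can happen if the application has not "
    "been installed by the administrator of the tenant or consented to by "
    "any user in the tenant. Trace ID: e782d60e-b861-46a3-b32b-f3df78396bd0 "
    "Correlation ID: b4809815-2755-4de1-bd1b-0221d74fd0f0"
)

# Constructed sample: App ID URIs assumed to be registered in the tenant.
REGISTERED = [
    "https://test113.onmicrosoft.com/ftpapi",
    "https://test113.onmicrosoft.com/reports",
]


def triage(message, registered_app_id_uris):
    """Compare the resource named in the error with the registered App ID URIs."""
    m = AADSTS50001.search(message)
    if m is None:
        return None  # not an AADSTS50001 message
    resource = m.group("resource")
    ids = IDS.search(message)
    exact = resource in registered_app_id_uris
    # Nearest registered identifier, to point at a likely typo in the client.
    close = difflib.get_close_matches(resource, registered_app_id_uris, n=1)
    return {
        "resource": resource,
        "tenant": m.group("tenant"),
        "registered": exact,
        "suggestion": None if exact or not close else close[0],
        "correlation_id": ids.group("corr") if ids else None,
    }
```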