如何通过AAD验证Azure服务管理请求
本文关键字:服务 管理 请求 Azure 验证 何通过 AAD | 更新日期: 2023-09-27 18:19:02
我试了三种方法都没有结果:
- 根据本文https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx,我已经在AAD中注册了新的web应用程序,具有访问Azure服务管理API的权限(步骤1-9),并编写了推荐的两行代码来获取令牌:
var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri(redirectUri));,但是它失败了,并且出现了异常:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException was unhandled
Message: An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll
Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
Trace ID: aa2d6962-5aea-4f8e-bed4-9e83c7631887
Correlation ID: f7f1a61e-1720-4243-96fa-cff182150931
var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
var result = context.AcquireToken("https://management.core.windows.net/", new ClientCredential(clientId, clientSecret));其中clientSecret是我的应用程序的秘密应用程序密钥。这个版本返回一个令牌,但是带有这个令牌的请求返回403 Forbidden:服务器无法验证请求。验证证书是否有效并与此订阅相关联。
var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
// TODO: Replace with your Azure AD user credentials (i.e. admin@contoso.onmicrosoft.com)
string user = "{YOUR-USERID]";
string pwd = "{YOUR-USER-PASSWORD}";
var userCred = new UserCredential(user, pwd);
AuthenticationResult result =
await context.AcquireTokenAsync("https://management.core.windows.net/", clientId, userCred);,但它也失败了,并出现与第一种情况相同的异常…
你能帮我一下吗?
在Azure门户中创建应用程序时,应将"应用程序类型"更改为"NATIVE CLIENT Application "