无法为不同的租户验证Azure Api [英] Unable to authenticate Azure Api's for different tenant

问题描述

虽然我的应用程序使用在不同域名下注册的电子邮件ID，但我无法对Azure API进行身份验证。它适用于我公司的电子邮件地址。
$


我在AD中注册申请的步骤：

1. 在Azure Active Directory中注册了一个应用程序。

2. 设置权限请求以允许客户端访问Azure Resource Manager API。

3. 此外，还启用了Multi tenanted选项。



授权网址：

/ common / oauth2 / authorize？

client_id = XXXXXXXXXXXXXXXXXXXXX

& response_type =代码

& redirect_uri = calBackURL

& response_mode =查询

& resource = https％3a％2f％2fmanagement.azure.com

& state = 12345& prompt =同意



令牌网址

/ common / oauth2 / token？

grant_type = authorization_code

& client_id = xxxxxxxxxx

& code = {Code}

& redirect_uri = {calBackURL}

& client_secret = xxx xxxxxxx



您可以帮助对不同租户/多租户的Azure Api进行身份验证。

解决方案

如果您使用的是App-Only权限，请传递"prompt = admin_consent"相反，仅限应用程序的权限始终需要租户管理员的同意。 请参阅  使用多租户应用程序模式在任何Azure Active Directory用户中签名

I am not able to authenticate the Azure API's though my application with the email id registered under different domain name. It works for me company email address.

Steps I followed to register the application in AD:
1. Registered an app in Azure Active Directory.
2. Set permission requests to allow the client to access the Azure Resource Manager API.
3. Also, enabled the Multi tenanted option.

Authorize URL:
/common/oauth2/authorize?
client_id=XXXXXXXXXXXXXXXXXXXXX
&response_type=code
&redirect_uri=calBackURL
&response_mode=query
&resource=https%3a%2f%2fmanagement.azure.com
&state=12345&prompt=consent

Token URL
/common/oauth2/token?
grant_type=authorization_code
&client_id=xxxxxxxxxx
&code={Code}
&redirect_uri={calBackURL}
&client_secret=xxxxxxxxxx

Could you please help up to authenticate to Azure Api's for different tenant/multi-tenant.

解决方案

If you are using App-Only permissions please pass "prompt=admin_consent" instead as the App-Only permissions always require a tenant administrator's consent.  Please refer to Sign in any Azure Active Directory user using the multi-tenant application pattern.

这篇关于无法为不同的租户验证Azure Api的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！