Acquiring Azure AD Token for Azure SQL Server


Problem description

I'm trying to develop a web application that uses a certificate to authenticate with AD and then acquires a token to connect to a SQL Azure DB.

I've followed all the steps in https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/ and https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential except I'm using the code sample from here - https://blogs.msdn.microsoft.com/sqlsecurity/2016/02/09/token-based-authentication-support-for-azure-sql-db-using-azure-ad-auth/

Everything goes fine until I reach the line

result = await authContext.AcquireTokenAsync(sqlDBResourceId, certCred);

I'm not quite sure what to put in for sqlDBResourceId, I've tried

"https://<databasename>.database.windows.net/"
"https://<databasename>.windows.net/"
"<databasename>"

but I always get

{"AADSTS50001: The application named https://databasename.database.windows.net/ was not found in the tenant named tenantname.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: \r\nCorrelation ID: \r\nTimestamp: 2016-08-09 23:35:38Z"}

I was able to receive a token when I used https://graph.windows.net/ as the sqlDBResourceId. So perhaps I haven't set up my tenant-directory-domain-db relationship correctly? Any advice on where to start would be greatly appreciated.

Recommended answer

https://database.windows.net/ as the sqlDBResourceId is the correct answer Thx Mirek
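
The full flow with the resource ID from the answer, as an added example that is not part of the original question or answer. It uses the ADAL calls the question already uses; the tenant, client ID, thumbprint, server and database values are placeholders, and the CurrentUser\My certificate store is an assumption.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL, as used in the question

static class SqlTokenExample
{
    // Resource ID from the answer: a single audience for the whole Azure SQL
    // service, not the host name of an individual server or database.
    const string SqlDbResourceId = "https://database.windows.net/";

    // Placeholders (assumptions for this example, not values from the post).
    const string Authority  = "https://login.microsoftonline.com/<tenant>.onmicrosoft.com";
    const string ClientId   = "<application-client-id>";
    const string Thumbprint = "<certificate-thumbprint>";
    const string ConnString = "Data Source=<server>.database.windows.net;Initial Catalog=<database>;";

    static X509Certificate2 LoadCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so that a self-signed certificate is still returned.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException("Certificate not found in CurrentUser\\My.");
            return found[0];
        }
    }

    static async Task RunAsync()
    {
        var authContext = new AuthenticationContext(Authority);
        var certCred = new ClientAssertionCertificate(ClientId, LoadCertificate(Thumbprint));
        // The token is requested for the service-wide audience.
        AuthenticationResult result = await authContext.AcquireTokenAsync(SqlDbResourceId, certCred);
        using (var conn = new SqlConnection(ConnString))
        {
            // The specific server appears only in the connection string; no user or password is set.
            conn.AccessToken = result.AccessToken;
            await conn.OpenAsync();
            using (var cmd = new SqlCommand("SELECT SUSER_SNAME()", conn))
                Console.WriteLine(await cmd.ExecuteScalarAsync());
        }
    }

    static void Main() => RunAsync().GetAwaiter().GetResult();
}
```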
