MSAL-使用IntegratedWindowsAuth获取令牌时出现问题 [英] MSAL - Problem acquiring token with IntegratedWindowsAuth
问题描述
我正在使用MSAL使用集成的Windows身份验证从Azure中的身份验证应用程序获取令牌.代码是:
I am using MSAL to acquire token from an auth app in Azure using integrated windows authentication. The code is:
var tenant = $"https://login.microsoftonline.com/<myTenantId>";
var clientId = "<myClientId>";
var scopes = new string[] { "https://graph.microsoft.com/.default" };
var publicApplication = PublicClientApplicationBuilder.Create(clientId).WithAuthority(tenant).Build();
var token = await publicApplication.AcquireTokenByIntegratedWindowsAuth(scopes).ExecuteAsync();
这将引发以下异常:
Integrated Windows Auth is not supported for managed users.
- 我已验证运行该应用程序的用户不是受管理的用户(该用户是在本地AD中创建的,并已同步到Azure AD通过AD Connect同步).
- 我已通过传递在Azure租户中启用了SSO身份验证.
- 管理员已同意该身份验证应用程序.
我已按照 https中的步骤进行操作://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Integrated-Windows-Authentication ,据我确认,我没有错过任何东西.
I have followed the steps from https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Integrated-Windows-Authentication and as far as I can confirm I have not missed anything.
我的配置中可能缺少某些东西吗?在此方面提供的任何帮助都将受到高度赞赏.
Is there something that I might have missed in my configuration? Any help in this is highly appreciated.
推荐答案
在与Microsoft的讨论中,直通身份验证不支持IWA(在我的案例中就是这种情况).为了使IWA正常工作,我们需要在环境中安装ADFS.
From my discussion with Microsoft, IWA is not supported for pass-through authentication (which was the scenario in my case). For IWA to work, we need to have ADFS in our environment.
这篇关于MSAL-使用IntegratedWindowsAuth获取令牌时出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!