MSAL-使用IntegratedWindowsAuth获取令牌时出现问题 [英] MSAL - Problem acquiring token with IntegratedWindowsAuth

问题描述

我正在使用MSAL使用集成的Windows身份验证从Azure中的身份验证应用程序获取令牌.代码是:

I am using MSAL to acquire token from an auth app in Azure using integrated windows authentication. The code is:

var tenant = $"https://login.microsoftonline.com/<myTenantId>";
var clientId = "<myClientId>";
var scopes =  new string[] { "https://graph.microsoft.com/.default" };

var publicApplication = PublicClientApplicationBuilder.Create(clientId).WithAuthority(tenant).Build();
var token = await publicApplication.AcquireTokenByIntegratedWindowsAuth(scopes).ExecuteAsync();

这将引发以下异常:

Integrated Windows Auth is not supported for managed users.

• 我已验证运行该应用程序的用户不是受管理的用户(该用户是在本地AD中创建的，并已同步到Azure AD通过AD Connect同步).
• 我已通过传递在Azure租户中启用了SSO身份验证.
• 管理员已同意该身份验证应用程序.

我已按照 https中的步骤进行操作://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Integrated-Windows-Authentication ，据我确认，我没有错过任何东西.

I have followed the steps from https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Integrated-Windows-Authentication and as far as I can confirm I have not missed anything.

我的配置中可能缺少某些东西吗?在此方面提供的任何帮助都将受到高度赞赏.

Is there something that I might have missed in my configuration? Any help in this is highly appreciated.

推荐答案

在与Microsoft的讨论中，直通身份验证不支持IWA(在我的案例中就是这种情况).为了使IWA正常工作，我们需要在环境中安装ADFS.

From my discussion with Microsoft, IWA is not supported for pass-through authentication (which was the scenario in my case). For IWA to work, we need to have ADFS in our environment.

这篇关于MSAL-使用IntegratedWindowsAuth获取令牌时出现问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！