如何使用应用程序ID及其密钥之一进行身份验证? [英] How do I use an Application ID and one of its keys to authenticate?

问题描述

通过我的此处的问题，我知道我可以进行设置Active Directory中的应用程序注册，并且我可以使用在应用程序注册中设置的应用程序ID和密钥来进行身份验证.

From my question here I understand that I can set up an application registration in Active Directory, and that I can use the application ID and a key that I set up within the application registration in order to authenticate.

下面是如何执行此操作的示例?

Where is an example on how to do that?

应用程序ID(我理解也称为客户端ID)和我添加到键集合中的键与服务主体有什么结合?

What has the combination of the application ID (which I understand to also be called the client ID) and the key I add to the keys collection got to do with the Service Principal?

[更新]

来自如果我理解正确，我们将不再谈论应用程序密钥"，而是在谈论应用程序凭证".我猜这是同一回事吗?

If I understand it correctly we are no longer talking about "application key", we are talking about "application credentials". I am guessing this is the same thing?

以下段落让我无可救药地混淆了应用程序凭据"，登录凭据"和服务主体的凭据"之间的区别:

The following paragraph has me hopelessly confused about the difference between "application credentials", "sign in credentials", and "service principal's credentials":

要使用服务主体登录，请在Connect-AzureRmAccount cmdlet中使用-ServicePrincipal参数.您还将需要服务主体的应用程序ID，登录凭据以及与该服务主体相关联的租户ID.为了获取服务主体的凭据作为适当的对象，请使用Get-Credential cmdlet.此cmdlet将显示一个对话框，用于在其中输入服务主体用户ID和密码."

"To sign in with a service principal, use the -ServicePrincipal argument with the Connect-AzureRmAccount cmdlet. You will also need the service princpal's application ID, sign-in credentials, and the tenant ID associate with the service principal. In order to get the service principal's credentials as the appropriate object, use the Get-Credential cmdlet. This cmdlet will display a dialog box to enter the service principal user ID and password into."

[更新]

从答案这里的问题，我已经能够使用以下应用程序设置:

From the answer to my question here I have been able to run HelloKeyVault using the following app settings:

VaultUrl，AuthClientId和AuthCertThumbprint

VaultUrl, AuthClientId and AuthCertThumbprint

没有提及服务主体或密钥"或令牌"

There is no mention of a service principal or "key" or a "token"

我只是想了解推荐答案

来自此处的示例应用程序 在此处报告

我能够运行HelloKeyVault源文件

I was able to run the HelloKeyVault source

 class Program
{
    static KeyVaultClient keyVaultClient;
    static InputValidator inputValidator;

    static void Main(string[] args)
    {

        KeyBundle keyBundle = null; // The key specification and attributes
        SecretBundle secret = null;
        CertificateBundle certificateBundle = null;
        string keyName = string.Empty;
        string secretName = string.Empty;
        string certificateName = string.Empty;
        string certificateCreateName = string.Empty;

        inputValidator = new InputValidator(args);

        ServiceClientTracing.AddTracingInterceptor(new ConsoleTracingInterceptor());
        ServiceClientTracing.IsEnabled = inputValidator.GetTracingEnabled();

        var clientId = ConfigurationManager.AppSettings["AuthClientId"];
        var cerificateThumbprint = ConfigurationManager.AppSettings["AuthCertThumbprint"];

        var certificate = FindCertificateByThumbprint(cerificateThumbprint);
        var assertionCert = new ClientAssertionCertificate(clientId, certificate);

        keyVaultClient = new KeyVaultClient((authority, resource, scope) => GetAccessToken(authority, resource, scope, assertionCert), 
               new InjectHostHeaderHttpMessageHandler());
         // etc

这表明我们可以使用AuthClientId和AuthCertThumbprint获取令牌

This shows that we can get the token using the AuthClientId and the AuthCertThumbprint

在这种情况下，应猜测AuthClientId给出了应用程序ID，而AuthCertThumbprint给出了要验证的密钥"

In this case guess the Application Id is given by the AuthClientId and the "key to authenticate" is given by the AuthCertThumbprint

没有提到服务主体是必需的.

The Service principal is not mentioned as being necessary.

这篇关于如何使用应用程序ID及其密钥之一进行身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！