无法验证AzureAD本机客户端应用程序 [英] Cannot Authenticate AzureAD native client application
问题描述
我已经注册了AzureAD应用程序,它是一个公共客户端/本机客户端.
我正在使用门户网站中Azure生成的标准代码.
重要的部分是
静态App(){_clientApp = PublicClientApplicationBuilder.Create(ClientId).WithLogging((level,message,containsPii)=>{System.Diagnostics.Debug.WriteLine("*************************");System.Diagnostics.Debug.WriteLine($"{level}:{message}");},LogLevel.Verbose,true,true).WithAuthority($"{Instance} {Tenant}").WithRedirectUri(RedirectURI).建造();TokenCacheHelper.EnableSerialization(_clientApp.UserTokenCache);}
和
authResult =等待应用程序.AcquireTokenInteractive(作用域).WithAccount(accounts.FirstOrDefault()).WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)//可选,用于将浏览器置于窗口中心.WithPrompt(提示选择帐户).ExecuteAsync();
返回的错误是;
"AADSTS7000218:请求正文必须包含以下参数:"client_assertion"或"client_secret".
遵循
I have registered an AzureAD application which is a public client / Native Client.
I am using the standard code generated by Azure in the portal.
the important bits being
static App()
{
_clientApp = PublicClientApplicationBuilder.Create(ClientId)
.WithLogging((level, message, containsPii) =>
{
System.Diagnostics.Debug.WriteLine("*************************");
System.Diagnostics.Debug.WriteLine($"{level}: {message}");
}, LogLevel.Verbose, true, true)
.WithAuthority($"{Instance}{Tenant}")
.WithRedirectUri(RedirectURI)
.Build();
TokenCacheHelper.EnableSerialization(_clientApp.UserTokenCache);
}
and
authResult = await app.AcquireTokenInteractive(scopes)
.WithAccount(accounts.FirstOrDefault())
.WithParentActivityOrWindow(new WindowInteropHelper(this).Handle) // optional, used to center the browser on the window
.WithPrompt(Prompt.SelectAccount)
.ExecuteAsync();
The returned error is;
"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
Following what I for example read here and in most places in AzureAD I have changed the default type to Public client.
I am still getting the same error.
I have enabled logging and I think i have the relevant part below
Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) An authorization code was retrieved from the /authorize endpoint. Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Exchanging the auth code for tokens Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) === InteractiveParameters Data === LoginHint provided: False User provided: False UseEmbeddedWebView: NotSpecified ExtraScopesToConsent: Prompt: select_account HasCustomWebUi: False
Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Response status code does not indicate success: 401 (Unauthorized). Warning: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) Request retry failed. Info: (False) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) HttpStatusCode: 401: Unauthorized Error: (True) MSAL 4.13.0.0 MSAL.Desktop Microsoft Windows NT 6.2.9200.0 (UnknownClient: 0.0.0.0) MSAL.Desktop.4.13.0.0.MsalServiceException: ErrorCode: invalid_client Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details.You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
It appears I am getting a authorization code but failing to get the tokens. The error being 401 (Unauthorized).
Can someone please help me to understand this?
There are two steps to fix this issue.
1.Change the default client type to Public client.
2.Add Mobile and desktop applications platform
这篇关于无法验证AzureAD本机客户端应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!