如何进行身份验证的Azure服务管理通过AAD请求 [英] How to authenticate Azure Service Management Requests via AAD
本文介绍了如何进行身份验证的Azure服务管理通过AAD请求的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试过3种方式没有结果:
- 根据这篇文章 https://msdn.microsoft.com/ EN-US /库/天蓝色/ ee460782.aspx 我已经注册AAD新的Web应用程序的权限来访问的Azure服务管理API(步骤1-9)和书面code推荐的两行获得令牌:
VAR背景=新AuthenticationContext($https://login.windows.net/{tenantId});
VAR的结果= context.AcquireToken(https://management.core.windows.net/,客户端ID,新的URI(redirectUri)); ,但它失败,异常:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException了未处理
消息:类型Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException的未处理的异常出现在Microsoft.IdentityModel.Clients.ActiveDirectory.dll
其他信息:AADSTS90014:请求体中必须包含下列参数:'client_secret或client_assertion。
跟踪ID:aa2d6962-5aea-4f8e-bed4-9e83c7631887
相关ID:f7f1a61e-1720-4243-96fa-cff182150931
<醇开始=2>
VAR背景=新AuthenticationContext($https://login.windows.net/{tenantId});
VAR的结果= context.AcquireToken(https://management.core.windows.net/,新ClientCredential(客户端ID,clientSecret)); 其中clientSecret是我的应用程序的秘密APP键。
这个版本返回一个标记,但与此令牌返回 403禁止要求:服务器无法验证请求。验证证书是有效的,并与此订阅关联的
VAR背景=新AuthenticationContext(的String.Format(https://login.windows.net/{0},tenantId)); // TODO:替换为您的Azure AD用户凭据(即admin@contoso.onmicrosoft.com)
字符串用户={YOUR-USERID];
字符串PWD ={您的用户密码};
VAR userCred =新UserCredential(用户,PWD); AuthenticationResult结果=
等待context.AcquireTokenAsync(https://management.core.windows.net/,客户端ID,userCred); ,但它也失败,出现相同的异常如在第一种情况...
你能帮助我吗?
解决方案
您应该更改应用型为机客户端应用,同时创造了Azure的门户应用程序。
I've tried 3 ways with no result:
- According to this article https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx I've registered new web application in AAD with permissions to Access Azure Service Management API (steps 1-9) and written the recommended two lines of code to acquire the token:
var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri(redirectUri));, but it fails with the exception:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException was unhandled
Message: An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll
Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
Trace ID: aa2d6962-5aea-4f8e-bed4-9e83c7631887
Correlation ID: f7f1a61e-1720-4243-96fa-cff182150931
- Also I've tried:
var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
var result = context.AcquireToken("https://management.core.windows.net/", new ClientCredential(clientId, clientSecret));where clientSecret is secret app key of my application. This version returns a token, but requests with this token returns 403 Forbidden:The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.
- The last, I've found http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/03/02/authenticating-azure-service-management-api-with-azure-ad-user-credentials.aspx, which recommends:
var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));
// TODO: Replace with your Azure AD user credentials (i.e. admin@contoso.onmicrosoft.com)
string user = "{YOUR-USERID]";
string pwd = "{YOUR-USER-PASSWORD}";
var userCred = new UserCredential(user, pwd);
AuthenticationResult result =
await context.AcquireTokenAsync("https://management.core.windows.net/", clientId, userCred);but it also fails with the same exception as in the first case...
Could you please assist me?
解决方案
You should change the "Application Type" to "NATIVE CLIENT APPLICATION" while creating the application in the Azure portal.
这篇关于如何进行身份验证的Azure服务管理通过AAD请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
