Azure的Active Directory的授权和QUOT;访问令牌是错误的发行人 [英] Azure Active Directory Authorization "The access token is from the wrong issuer '

问题描述

我想实现这但我具有m错误：

I'm trying to implement this but I'm having an error:

{
 "error": {
"code": "InvalidAuthenticationTokenTenant",
"message": "The access token is from the wrong issuer 'https://sts.windows.net/id/'. It must match the tenant 'https://sts.windows.net/id/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/id' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
}
}

任何帮助真的是AP preciated。
谢谢！

Any help is really appreciated. Thanks!!!

更新：
这里的code：

Update: Here's the code:

 public static string GetAccessToken()
    {
        var authenticationContext = new AuthenticationContext("https://login.windows.net/tenant-id");
        var credential = new ClientCredential(clientId: "client-id", clientSecret: "key");
        var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential);

        if (result == null)
        {
            throw new InvalidOperationException("Failed to obtain the JWT token");
        }

        string token = result.AccessToken;

        return token;
    }

此外，有没有定价计算器的API？谢谢

Also, is there an API for pricing calculator? Thanks

推荐答案

这样做的原因是：我们验证反对共同的租户，但现在我们从属于一个单独的租户订阅试图访问数据 - 我们不具有的accessToken这个新房客。

The reason for this is : we authenticated against the common tenant, but now we're trying access data from a subscription which belongs to a separate tenant - and we don't have an AccessToken for this new tenant.

我们在这种情况下，要做的就是获得一个新的accessToken（一JWT）为同一个用户和客户端ID，但授权对租户我们选择订阅。

What we have to do in this case is acquire a new AccessToken (a JWT) for the same user and client ID, but authorising against the tenant for the subscription we selected.

即。我们有一个的accessToken，但它是一种常见的租户的accessToken，因此是有限的什么被授权：与特定于某个订购资源的工作，我们现在需要的accessToken该特定订阅和租户。

i.e. we have an AccessToken , but it's a common tenant AccessToken , and therefore is limited in what is authorised: to work with resources that are specific to a particular subscription, we now need an AccessToken for that specific subscription and tenant.

要做到这一点，我们只需要使用订阅的TenantId选择，而不是使用共同租户用户。

To do this, we just need to use the TenantId of the subscription the User selected instead of using a Tenant of "common".

请参阅步骤3在的http://www.bizbert.com/bizbert/2015/11/16/Listing+Subscriptions+And+Logic+Apps+From+NET.aspx了解详情。

See the step 3 at http://www.bizbert.com/bizbert/2015/11/16/Listing+Subscriptions+And+Logic+Apps+From+NET.aspx for details.

这篇关于Azure的Active Directory的授权和QUOT;访问令牌是错误的发行人的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！