我正在尝试从互联网更改一个可行的示例:
IAzure azure = Azure.Configure()
.Authenticate(credentials)
.WithSubscription(credentials.DefaultSubscriptionId)
像这样进入Azure设备身份验证:
AzureCredentials accessTokenCredentials = GetAzureAccessTokenCredentials(credentials,
AzureEndPointApi.Management,
environment);
IAzure az = Azure.Configure().Authenticate(accessTokenCredentials)
除非我需要调用一些同时使用Management API和Graph API的函数,否则此方法仍然有效:
private static async Task<IServicePrincipal> AddAccountToRoles(IAzure azureManagement, IAzure azureGraph, IActiveDirectoryApplication activeDirectoryApp)
{
var role = azureGraph.AccessManagement.ServicePrincipals.Define($"{activeDirectoryApp.Name}-contributor")
.WithExistingApplication(activeDirectoryApp)
.WithNewRoleInSubscription(BuiltInRole.Contributor, azureGraph.SubscriptionId);
var result = await role.CreateAsync();
return result;
}
CreateAsync根据Fiddler调用Graph AP和Management API。所以我想它需要两个不同的访问令牌(每个服务一个),不是吗?
所以我将代码更改为:
var restClient = RestClient
.Configure()
.WithBaseUri(AzureDelegatingHandler.GetBaseUri(environment, AzureEndPointApi.Management))
.WithEnvironment(environment)
.WithCredentials(GetAzureAccessTokenCredentials(credentials, AzureEndPointApi.Management, environment))
.WithBaseUri(AzureDelegatingHandler.GetBaseUri(environment, AzureEndPointApi.Graph))
.WithEnvironment(environment)
.WithCredentials(GetAzureAccessTokenCredentials(credentials, AzureEndPointApi.Graph, environment))
.Build();
IAzure azure = Azure
.Authenticate(restClient, credentials.TenantId)
.WithSubscription(credentials.DefaultSubscriptionId);
public static string GetBaseUri(AzureEnvironment environment, AzureEndPointApi azureEndPointApi)
{
switch (azureEndPointApi)
{
case AzureEndPointApi.Graph:
return environment.GraphEndpoint;
case AzureEndPointApi.Management:
return environment.ManagementEndpoint;
default:
throw new NotSupportedException(azureEndPointApi.ToString());
}
}
但是此代码提供了不正确的访问令牌-不是基于REST API端点库uri。
我怎么了?
答案 0 :(得分:0)
AzureCredentials的构造函数带有两个访问令牌,每个API都有一个。