试图获取所有租户用户的所有Azure订阅都已关联,我使用的是从GitHub获得的Azure示例解决方案,但该解决方案无法获得所有订阅。 Sample Solution Link。 遍历每个租户时,调用Azure资源管理列表Subscription API
后出现错误除索赔中的租户以外,所有租户的“以下尝试代码”都会阻止例外
无法以静默方式获取令牌。调用方法AcquireToken
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
,该异常在catch块中处理,在该块中调用authContext.AcquireToken而不是authContext.AcquireTokenSilent
public static List<Subscription> GetUserSubscriptions(string organizationId)
{
List<Subscription> subscriptions = null;
//string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserUniqueName = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value.Split('#')[ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value.Split('#').Length - 1];
try
{
// Aquire Access Token to call Azure Resource Manager
ClientCredential credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientID"],
ConfigurationManager.AppSettings["ida:Password"]);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's EF DB
AuthenticationContext authContext = new AuthenticationContext(
string.Format(ConfigurationManager.AppSettings["ida:Authority"], organizationId),
new ADALTokenCache(signedInUserUniqueName));
AuthenticationResult result =
authContext.AcquireTokenSilent(
ConfigurationManager.AppSettings["ida:AzureResourceManagerIdentifier"], credential,
new UserIdentifier(signedInUserUniqueName, UserIdentifierType.RequiredDisplayableId));
subscriptions = new List<Subscription>();
// Get subscriptions to which the user has some kind of access
string requestUrl = string.Format("{0}/subscriptions?api-version={1}",
ConfigurationManager.AppSettings["ida:AzureResourceManagerUrl"],
ConfigurationManager.AppSettings["ida:AzureResourceManagerAPIVersion"]);
// Make the GET request
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = client.SendAsync(request).Result;
if (response.IsSuccessStatusCode)
{
string responseContent = response.Content.ReadAsStringAsync().Result;
dynamic subscriptionsResult = (Json.Decode(responseContent)).value;
foreach (dynamic subscription in subscriptionsResult)
{
subscriptions.Add(new Subscription()
{
Id = subscription.subscriptionId,
DisplayName = subscription.displayName,
OrganizationId = organizationId
});
}
}
}
下面的catch块能够在动态更改租户ID(组织ID)之后获取令牌,但是在将令牌与REST API结合使用时会出现以下错误
{“错误”:{“代码”:“ InvalidAuthenticationToken”,“消息”:“”接收到的访问令牌无效:应至少存在声明“ puid”或“ altsecid”或“ oid”之一。如果要作为应用程序访问,请确保在租户中正确创建了服务主体。“}}
catch (AdalException ex)
{
if (ex.ErrorCode == "failed_to_acquire_token_silently")
{
ClientCredential credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientID"],
ConfigurationManager.AppSettings["ida:Password"]);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's EF DB
AuthenticationContext authContext = new AuthenticationContext(
string.Format(ConfigurationManager.AppSettings["ida:Authority"], organizationId), new ADALTokenCache(signedInUserUniqueName));
//List<TokenCacheItem> items = authContext.TokenCache.ReadItems().ToList();
string resource = ConfigurationManager.AppSettings["ida:AzureResourceManagerIdentifier"];
AuthenticationResult result = authContext.AcquireToken(resource, credential);
subscriptions = new List<Subscription>();
// Get subscriptions to which the user has some kind of access
string requestUrl = string.Format("{0}/subscriptions?api-version={1}", ConfigurationManager.AppSettings["ida:AzureResourceManagerUrl"],
ConfigurationManager.AppSettings["ida:AzureResourceManagerAPIVersion"]);
// Make the GET request
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = client.SendAsync(request).Result;
if (response.IsSuccessStatusCode)
{
string responseContent = response.Content.ReadAsStringAsync().Result;
var subscriptionsResult = (Json.Decode(responseContent)).value;
foreach (var subscription in subscriptionsResult)
subscriptions.Add(new Subscription()
{
Id = subscription.subscriptionId,
DisplayName = subscription.displayName,
OrganizationId = organizationId
});
}
else
{
string errMessage = response.Content.ReadAsStringAsync().Result;
}
}
}
return subscriptions;
}```