Question

我尝试了三种没有结果的方法：

根据这篇文章https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx我在AAD中注册了具有Access Azure Service Management API权限的新Web应用程序（步骤1-9），并编写了推荐的两行代码来获取令牌：

    var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
    var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri(redirectUri));

，但它失败，例外：

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException was unhandled
Message: An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll
Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
Trace ID: aa2d6962-5aea-4f8e-bed4-9e83c7631887
Correlation ID: f7f1a61e-1720-4243-96fa-cff182150931

我也试过了：

    var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
    var result = context.AcquireToken("https://management.core.windows.net/", new ClientCredential(clientId, clientSecret));

其中clientSecret是我的应用程序的秘密应用程序密钥。此版本返回一个令牌，但带有此令牌的请求将返回 403 Forbidden：服务器无法验证请求。验证证书是否有效并与此订阅相关联。

最后，我发现http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/03/02/authenticating-azure-service-management-api-with-azure-ad-user-credentials.aspx，建议：

    var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));

    // TODO: Replace with your Azure AD user credentials (i.e. admin@contoso.onmicrosoft.com)
    string user = "{YOUR-USERID]";
    string pwd = "{YOUR-USER-PASSWORD}";
    var userCred = new UserCredential(user, pwd);

    AuthenticationResult result =
    await context.AcquireTokenAsync("https://management.core.windows.net/", clientId, userCred);

但它也失败了，与第一种情况相同的例外......

你能帮助我吗？

Answer 1

您应该更改＆＃34;应用程序类型＆＃34;到＆＃34; NATIVE客户申请＆＃34;在Azure门户中创建应用程序时。

如何通过AAD验证Azure服务管理请求

1 个答案: