我是Azure Active Directory开发的新手。我们有一些服务,需要同时通过Web应用程序和移动设备(基于Cordova的应用程序)访问。
使用ADAL JS生成的令牌能够通过Web服务的授权,工作符合预期。但是使用Azure AD生成的令牌会报如下错误:
此请求已拒绝授权
我们尝试在C#中使用用户凭据获取访问令牌,并且成功拿到了令牌。随后我们带着该访问令牌在Fiddler中调用我们的服务,结果仍然报同样的错误:
此请求已拒绝授权
Cordova代码
// ADAL settings for the Cordova client. The starred values are the author's placeholders.
// Sign-in authority for the tenant; passed to AuthenticationContext.createAsync.
var authority = 'https://login.windows.net/**tenantName**';
// Resource the access token is requested for. Both token calls in acquireToken pass
// this value, so the token is requested for the Graph API.
// NOTE(review): the C# sample on this page requests the web application's App ID URI
// instead. A web API that validates the token audience would presumably reject a token
// requested for Graph - confirm which audience the service is configured to accept.
var resourceUrl = 'https://graph.windows.net/';
// Client ID of the native-app registration.
var clientID = '***CLIENT ID IN NATIVE APP***';
// Redirect URI handed to the interactive token request.
var redirectUrl = 'http://localhost:49906/';
var tenantName = '***TENANT NAME***';
// Graph URL scoped to the tenant; not referenced by the code shown on this page.
var endpointUrl = resourceUrl + tenantName;
createContext: function () {
    // Create the ADAL context for the configured authority, keep it on mapp,
    // then continue straight to token acquisition. A failure goes to mapp.error.
    var onCreated = function (ctx) {
        mapp.authContext = ctx;
        mapp.log("Created authentication context for authority URL: " + ctx.authority);
        mapp.acquireToken();
    };
    AuthenticationContext.createAsync(authority).then(onCreated, mapp.error);
},
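acquireToken: function () {
    // Obtain an access token for resourceUrl: try the silent (cached) path first and
    // fall back to the interactive prompt when the silent call fails.
    if (mapp.authContext == null) {
        mapp.error('Authentication context isn\'t created yet. Create context first');
        return;
    }
    mapp.authContext.acquireTokenSilentAsync(resourceUrl, clientID).then(function (authResult) {
        // Success path: report it through mapp.log rather than mapp.error, and keep the
        // token out of the message. authResult.accessToken is the bearer token; pass it
        // to the HTTP layer instead of writing it to the console.
        mapp.log('Acquired token silently');
        // NOTE(review): unlike the interactive branch below, nothing here sets SSOFlag
        // or bootstraps the app - confirm that is intended.
    }, function () {
        mapp.authContext.acquireTokenAsync(resourceUrl, clientID, redirectUrl)
            .then(function (authResult) {
                // Neither authResult nor authResult.accessToken is logged: anyone who can
                // read the log or console output could reuse the token until it expires.
                mapp.log('Acquired token successfully');
                localStorage.setItem("SSOFlag", "true");
                angular.bootstrap(document, ['keurapp']);
                // userDetail is not declared in this function; the assignment targets a
                // variable defined elsewhere (or an implicit global).
                userDetail = JSON.parse(localStorage.getItem("userDetails"));
            }, function (err) {
                mapp.error("Failed to acquire token: " + pre(err));
            });
    });
}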
C#代码
/// <summary>
/// Signs in with a fixed username and password and returns the access token
/// requested for the web application's App ID URI.
/// </summary>
/// <returns>The access token string, which is also stored in <c>token</c>.</returns>
public static string GetAccessToken()
{
    // NOTE(review): the username and password are literals in source. Outside a
    // throwaway test, load them from protected configuration or use an interactive
    // sign-in, so that no password ships with the code.
    var credential = new UserCredential("***USERID***", "***PASSWORD***");

    // The second constructor argument is passed as true, as in the original;
    // presumably it turns on authority validation - confirm against the ADAL version in use.
    var context = new AuthenticationContext("https://login.microsoftonline.com/**tenantName**", true);

    // The resource is the web API's App ID URI, so the token is requested for that API.
    var result = context.AcquireToken(
        resource: "***APP ID URI OF WEB APPLICATION***",
        clientId: "***CLIENT ID NATIVE APP***",
        userCredential: credential);

    // `token` is declared outside this method; the assignment is kept so that any
    // other reader of that member still sees the new value.
    token = result.AccessToken;
    return token;
}
服务样本:
// Web API controller for the protected service; its actions are omitted in this sample.
// NOTE(review): both attributes below are commented out here. With [Authorize] disabled,
// nothing visible on this controller requires an authenticated caller; whether a global
// authorization filter is registered elsewhere is not shown - confirm.
// NOTE(review): if the EnableCors attribute is re-enabled, origins: "*" accepts every
// origin; prefer listing the origins that actually host the web client.
//[EnableCors(origins: "*", headers: "*", methods: "*")]
//[Authorize]
public class RepositoryController : ApiController
{
//With Few methods
}
/// <summary>
/// OWIN startup: registers token handling, Web API routing and CORS on the pipeline.
/// Middleware runs in registration order, so the statement order is left as written.
/// </summary>
/// <param name="app">The OWIN application builder to configure.</param>
public void Configuration(IAppBuilder app)
{
// ConfigureOAuth is defined elsewhere in the project.
// NOTE(review): presumably it registers the Azure AD bearer-token middleware. The audience
// it validates has to match the resource the clients request tokens for, otherwise the
// API answers "Authorization has been denied for this request" - confirm.
ConfigureOAuth(app);
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
// AllowAll accepts cross-origin requests from any origin.
// NOTE(review): consider a policy restricted to the known client origins.
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
}
寻求帮助