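When calling AcquireToken, I get an error that silent authentication cannot be used for a managed user
I have the following code that reproduces the error: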
$nuGetPackages = "$env:temp\packages"
$clientVersion = '3.14.2'
$libPath = Join-Path $nuGetPackages "Microsoft.IdentityModel.Clients.ActiveDirectory.$clientVersion\lib"
if (!(Test-Path $libPath)) {
    Write-Host "Installing Microsoft.IdentityModel.Clients.ActiveDirectory module"
    # Fetch the pinned ADAL version from the NuGet feed over HTTPS
    Install-Package -Name 'Microsoft.IdentityModel.Clients.ActiveDirectory' -RequiredVersion $clientVersion -ProviderName NuGet -Destination $nuGetPackages -Source https://www.nuget.org/api/v2/ -Force | Out-Null
}
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$tenantName = [string]::Join('.',([System.DirectoryServices.AccountManagement.UserPrincipal]::Current.DistinguishedName.Split(',') |? { $_.Split('=')[0] -eq 'dc' } |% { $_.Split('=')[1] }))
$authority = "https://login.windows.net/$tenantName"
$resourceAppIdUri = "https://management.core.windows.net/"
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # common app id
Get-ChildItem $libPath -Filter net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll |% { [System.Reflection.Assembly]::LoadFrom($_.FullName) | Out-Null }
try {
    # UserCredential carries only a user name (no password), which selects integrated (silent) authentication
    $creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $env:USERNAME@$tenantName
    $creds.UserAuthType
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    $task = $authContext.AcquireTokenAsync($resourceAppIdUri, $clientId, $creds)
    $task.Wait()
    $authResult = $task.Result
    $authResult
    return $authResult.AccessToken
} catch {
    throw $_.Exception.ToString()
}
This produces the error:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: password_required_for_managed_user: Password is required for managed user
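Answer 0 (score: 0)
This error means that you did not provide a password to this method. If you want to use the resource owner password credentials flow to obtain an access token, we should provide the username and password through the UserPasswordCredential class.
Here is a code sample that works for me: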
$nuGetPackages = "$env:temp\packages"
$clientVersion = '3.14.2'
$libPath = Join-Path $nuGetPackages "Microsoft.IdentityModel.Clients.ActiveDirectory.$clientVersion\lib"
if (!(Test-Path $libPath)) {
    Write-Host "Installing Microsoft.IdentityModel.Clients.ActiveDirectory module"
    # Fetch the pinned ADAL version from the NuGet feed over HTTPS
    Install-Package -Name 'Microsoft.IdentityModel.Clients.ActiveDirectory' -RequiredVersion $clientVersion -ProviderName NuGet -Destination $nuGetPackages -Source https://www.nuget.org/api/v2/ -Force | Out-Null
}
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$tenantName = [string]::Join('.',([System.DirectoryServices.AccountManagement.UserPrincipal]::Current.DistinguishedName.Split(',') |? { $_.Split('=')[0] -eq 'dc' } |% { $_.Split('=')[1] }))
$authority = "https://login.windows.net/$tenantName"
$resourceAppIdUri = "https://management.core.windows.net/"
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # common app id
Get-ChildItem $libPath -Filter net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll |% { [System.Reflection.Assembly]::LoadFrom($_.FullName) | Out-Null }
try {
    # UserPasswordCredential supplies both user name and password; replace the placeholders
    $creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential" -ArgumentList '{username}', '{password}'
    #$creds.UserAuthType
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
    # The overload that accepts a user credential is an extension method, so it is called statically
    $task = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext,$resourceAppIdUri, $clientId, $creds)
    #$task = $authContext.AcquireTokenAsync($resourceAppIdUri, $clientId, $creds)
    $task.Wait()
    $authResult = $task.Result
    $authResult
    return $authResult.AccessToken
} catch {
    throw $_.Exception.ToString()
}
}
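
The following is an added example, not part of the question or the answer above: it checks whether an account is managed or federated before choosing between UserCredential and UserPasswordCredential, which is the distinction behind password_required_for_managed_user. Get-AadCredentialFlow is a hypothetical helper; the user realm discovery endpoint and the field names account_type, federation_protocol and federation_metadata_url are assumptions about the response format, and the sample responses are constructed.

```powershell
# Added example, not from the original post. Endpoint and field names are
# assumptions about the user realm discovery response (see the lead-in).
function Get-AadCredentialFlow {
    param(
        [Parameter(Mandatory = $true)] [string] $UserPrincipalName,
        # Captured realm response; when omitted, the endpoint is queried live.
        [string] $RealmJson
    )
    if ($RealmJson) {
        $realm = $RealmJson | ConvertFrom-Json
    } else {
        $uri = 'https://login.windows.net/common/UserRealm/{0}?api-version=1.0' -f [uri]::EscapeDataString($UserPrincipalName)
        $realm = Invoke-RestMethod -Uri $uri -Method Get
    }

    # Integrated (silent) authentication needs a federation service to talk to.
    $federated = $realm.account_type -eq 'Federated' -and
                 $realm.federation_protocol -eq 'WSTrust' -and
                 -not [string]::IsNullOrEmpty($realm.federation_metadata_url)

    if ($federated) {
        $credential = 'UserCredential'
        $note = 'Integrated (silent) authentication can be attempted.'
    } elseif ($realm.account_type -eq 'Managed') {
        $credential = 'UserPasswordCredential'
        $note = 'Silent authentication fails with password_required_for_managed_user; a password must be supplied.'
    } else {
        $credential = $null
        $note = 'Realm not recognised; fall back to interactive sign-in.'
    }

    [pscustomobject]@{
        User           = $UserPrincipalName
        AccountType    = $realm.account_type
        CredentialType = $credential
        Note           = $note
    }
}

# Constructed sample responses (not captured from a real tenant).
$managed   = '{"ver":"1.0","account_type":"Managed"}'
$federated = '{"ver":"1.0","account_type":"Federated","federation_protocol":"WSTrust","federation_metadata_url":"https://sts.contoso.example/adfs/services/trust/mex"}'

Get-AadCredentialFlow -UserPrincipalName 'alice@contoso.example' -RealmJson $managed
Get-AadCredentialFlow -UserPrincipalName 'bob@contoso.example' -RealmJson $federated
```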