我有一个由VS的Windows Template Studio创建的应用程序。我已经进行身份验证,并且可以使用与Azure门户相同的凭据(交互式)成功获取令牌。
using Microsoft.Identity.Client
...
private IPublicClientApplication _client;
_client = PublicClientApplicationBuilder.Create(_clientId)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.WithRedirectUri($"msal{_clientId}://auth")
.Build();
var accounts = await _client.GetAccountsAsync();
_authenticationResult = await _client.AcquireTokenInteractive(_scopes)
.WithAccount(accounts.FirstOrDefault())
.ExecuteAsync();
如何将令牌与Azure API库一起使用,例如:
Microsoft.Azure.Management.ResourceManager.Fluent
Microsoft.Azure.Services.AppAuthentication
答案 0 :(得分:1)
根据我的测试,我们可以使用访问令牌来管理Azure资源 Microsoft.Azure.Management.ResourceManager.Fluent SDk。有关更多详细信息,请参阅Using authentication token in azure sdk fluent。详细步骤如下。
var client = PublicClientApplicationBuilder.Create(clientId)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.WithRedirectUri($"msal{clientId}://auth")
.Build();
var accounts = client.GetAccountsAsync().Result;
string[] scopes = { "https://management.azure.com/user_impersonation" };
var result = client.AcquireTokenInteractive(scopes)
.WithAccount(accounts.FirstOrDefault())
.ExecuteAsync().Result;
string subscritionID = ""; // the subciption Id
string tenantId= "";// the tenata contains the subscription you use
TokenCredentials tokenCredentials = new TokenCredentials(result.AccessToken);
var azureCredentials = new AzureCredentials(tokenCredentials, tokenCredentials, tenantId, AzureEnvironment.AzureGlobalCloud);
var restClient = RestClient
.Configure()
.WithEnvironment(AzureEnvironment.AzureGlobalCloud)
.WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
.WithCredentials(azureCredentials)
.Build();
var azure = Azure
.Authenticate(restClient, tenantId)
.WithSubscription(subscritionID);
var sp = azure.ResourceGroups.List();
foreach (var group in sp) {
Console.WriteLine("group name :"+ group.Name);
}
此外,关于sdk Microsoft.Azure.Services.AppAuthentication,它还用于使服务能够向Azure服务进行身份验证。换句话说,这是获取令牌的另一种方法。但是它仅支持使用Azure MSI进行身份验证。