How to use Microsoft.Identity.Client.PublicClientApplication in C# to authenticate interactively against the Azure resource APIs

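Time: 2019-10-17 05:32:48

Tags: .net azure azure-active-directory azure-resource-manager azure-keyvault

I have an application created with Windows Template Studio for VS. I have authenticated and can successfully obtain a token (interactively) using the same credentials as for the Azure portal.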

using Microsoft.Identity.Client;
...

private IPublicClientApplication _client;

// Public client (no secret) for work and school accounts from any Azure AD tenant
_client = PublicClientApplicationBuilder.Create(_clientId)
                  .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
                  .WithRedirectUri($"msal{_clientId}://auth")
                  .Build();

var accounts = await _client.GetAccountsAsync();

// Prompt the user interactively, pre-selecting a cached account if there is one
_authenticationResult = await _client.AcquireTokenInteractive(_scopes)
                                     .WithAccount(accounts.FirstOrDefault())
                                     .ExecuteAsync();

How can I use the token with the Azure API libraries, for example:

  • Microsoft.Azure.Management.ResourceManager.Fluent

  • Microsoft.Azure.Services.AppAuthentication

1 answer:

Answer 0 (score: 1)

According to my test, we can use the access token to manage Azure resources with the Microsoft.Azure.Management.ResourceManager.Fluent SDK. For more details, please refer to Using authentication token in azure sdk fluent. The detailed steps are as follows.

  1. Configure permissions for the Azure AD application you are using.

  2. Code

using System;
using System.Linq;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using Microsoft.Identity.Client;
using Microsoft.Rest;
...

var client = PublicClientApplicationBuilder.Create(clientId)
    .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
    .WithRedirectUri($"msal{clientId}://auth")
    .Build();

var accounts = client.GetAccountsAsync().Result;
// Delegated permission for the Azure Resource Manager API
string[] scopes = { "https://management.azure.com/user_impersonation" };
var result = client.AcquireTokenInteractive(scopes)
    .WithAccount(accounts.FirstOrDefault())
    .ExecuteAsync().Result;

string subscriptionId = ""; // the subscription ID
string tenantId = "";       // the tenant that contains the subscription you use

// Wrap the MSAL access token so the Fluent SDK sends it as a bearer token
TokenCredentials tokenCredentials = new TokenCredentials(result.AccessToken);
var azureCredentials = new AzureCredentials(tokenCredentials, tokenCredentials, tenantId, AzureEnvironment.AzureGlobalCloud);
var restClient = RestClient
    .Configure()
    .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
    .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
    .WithCredentials(azureCredentials)
    .Build();
var azure = Azure
    .Authenticate(restClient, tenantId)
    .WithSubscription(subscriptionId);

// List the resource groups in the subscription
var sp = azure.ResourceGroups.List();
foreach (var group in sp)
{
    Console.WriteLine("group name :" + group.Name);
}


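In addition, regarding the SDK Microsoft.Azure.Services.AppAuthentication, it is also used to enable a service to authenticate to Azure services. In other words, it is another way to obtain a token. But it only supports authentication using Azure MSI.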
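The answer's code hands the Fluent SDK one fixed access-token string, which stops working once that token expires. The following added example (not part of the original post or of either library) shows a token provider that asks MSAL for a token on every request, so the cached token is reused and renewed silently. The class name `MsalTokenProvider` is hypothetical; `ITokenProvider` comes from Microsoft.Rest and the MSAL calls are the same ones used above.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.Rest;

// Hypothetical helper: supplies a current bearer token per request
// instead of a single access-token string captured at sign-in.
public sealed class MsalTokenProvider : ITokenProvider
{
    private readonly IPublicClientApplication _client;
    private readonly string[] _scopes;

    public MsalTokenProvider(IPublicClientApplication client, IEnumerable<string> scopes)
    {
        _client = client;
        _scopes = scopes.ToArray();
    }

    public async Task<AuthenticationHeaderValue> GetAuthenticationHeaderAsync(
        CancellationToken cancellationToken)
    {
        var account = (await _client.GetAccountsAsync()).FirstOrDefault();
        AuthenticationResult result;
        try
        {
            // Served from the MSAL cache, or renewed with the cached refresh token.
            result = await _client.AcquireTokenSilent(_scopes, account)
                                  .ExecuteAsync(cancellationToken);
        }
        catch (MsalUiRequiredException)
        {
            // No cached account, or consent/MFA is needed: fall back to a prompt.
            result = await _client.AcquireTokenInteractive(_scopes)
                                  .WithAccount(account)
                                  .ExecuteAsync(cancellationToken);
        }
        // Only the header value leaves this class; the token is never logged.
        return new AuthenticationHeaderValue("Bearer", result.AccessToken);
    }
}
```

To use it, pass `new TokenCredentials(new MsalTokenProvider(client, scopes))` to `AzureCredentials` in place of `new TokenCredentials(result.AccessToken)`.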