MsalClientException:IDW10104:客户端密钥和客户端证书不能为空或空格,并且在调用 Web API 时,Web 应用程序的配置中只能包含一个。例如,在 appsettings.json 文件中。
Microsoft.Identity.Web.MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(string clientSecret, IEnumerable<CertificateDescription> cert)
Microsoft.Identity.Web.TokenAcquisition.BuildConfidentialClientApplicationAsync()
Microsoft.Identity.Web.TokenAcquisition.GetOrBuildConfidentialClientApplicationAsync()
Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthorizationCodeReceivedContext context, IEnumerable<string> scopes)
Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder+<>c__DisplayClass11_1+<<WebAppCallsWebApiImplementation>b__1>d.MoveNext()
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt)
Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
这是在通过 Azure AD 成功登录后发生的。我也传入了客户端密码(通过用户密码和 appSettings)。对于源代码参考,我使用以下示例项目:
答案 0 :(得分:1)
如果想在web app中调用AzureAD投射的web api,请参考以下步骤
appsettings.json
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"ClientId": "[Client_id-of-web-app-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
"TenantId": "common"
// To call an API
"ClientSecret": "[Copy the client secret added to the app from the Azure portal]",
},
"MyApi": {
"BaseUrl": "https://graph.microsoft.com/beta",
"Scopes": "user.read"
}
}
startup.cs
using Microsoft.Identity.Web;
public class Startup
{
// ...
public void ConfigureServices(IServiceCollection services)
{
// ...
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(Configuration, "AzureAd")
.EnableTokenAcquisitionToCallDownstreamApi(new string[]{"" })
.AddDownstreamWebApi("MyApi", Configuration.GetSection("MyApi"))
.AddInMemoryTokenCaches();
// ...
}
// ...
}
[Authorize]
public class HomeController : Controller
{
readonly ITokenAcquisition tokenAcquisition;
public HomeController(ITokenAcquisition tokenAcquisition)
{
this.tokenAcquisition = tokenAcquisition;
}
[AuthorizeForScopes(Scopes = new[] { "user.read" })]
public async Task<IActionResult> Profile()
{
// Acquire the access token.
string[] scopes = new string[]{"user.read"};
string accessToken = await tokenAcquisition.GetAccessTokenForUserAsync(scopes);
// Use the access token to call a protected web API.
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
string json = await client.GetStringAsync(url);
}
}
有关详细信息,请参阅here。