問題描述

我必須針對 Azure AD 對應用程序進行身份驗證.我創建了 Web API 并將其添加到 Azure AD 應用程序部分.更改了清單文件，創建了一個 Web API 并通過 Azure AD 進行了身份驗證，并創建了一個 Windows 表單，其中包含以下代碼:

I have to authenticate an application against Azure AD. I have created the web API and added it to the Azure AD application section. Changed the manifest file, created a web API and authenticated with the Azure AD and created a Windows form, containing the following code:

 private async void button1_Click(object sender, EventArgs e)
 {
    string authority = "https://login.windows.net/test113.onmicrosoft.com";
    string resourceURI = "https://test113.onmicrosoft.com/ftp";
    string clientID = "5177ef76-cbb4-43a8-a7d0-899d3e886b34";
    Uri returnURI = new Uri("http://keoftp");

    AuthenticationContext authContext =
        new AuthenticationContext(authority);
    AuthenticationResult authResult =
        authContext.AcquireToken(resourceURI, clientID, returnURI);

    string authHeader = authResult.CreateAuthorizationHeader();

    // don't do this in prod
    System.Net.ServicePointManager.ServerCertificateValidationCallback =
            ((s, c, c2, se) => true);

    HttpClient client = new HttpClient();
    HttpRequestMessage request =
        new HttpRequestMessage(HttpMethod.Get, "https://localhost:44300/api/tasks");
    request.Headers.TryAddWithoutValidation("Authorization", authHeader);
    var response = await client.SendAsync(request);
    string responseString = await response.Content.ReadAsStringAsync();
    MessageBox.Show(responseString);
}

我有一個例外:

類型異常'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException'發生在 Microsoft.IdentityModel.Clients.ActiveDirectory.dll 但未在用戶代碼中處理

An exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll but was not handled in user code

附加信息:AADSTS50001:應用程序名為在名為的租戶中找不到 https://test113.onmicrosoft.com/ftptest113.onmicrosoft.com.如果應用程序沒有發生這種情況由租戶的管理員安裝或由租戶同意租戶中的任何用戶.您可能已經發送了您的身份驗證請求錯誤的租戶.

Additional information: AADSTS50001: The application named https://test113.onmicrosoft.com/ftp was not found in the tenant named test113.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

跟蹤 ID:e782d60e-b861-46a3-b32b-f3df78396bd0相關標識:b4809815-2755-4de1-bd1b-0221d74fd0f0 時間戳:2016-03-17 11:20:08Z

Trace ID: e782d60e-b861-46a3-b32b-f3df78396bd0 Correlation ID: b4809815-2755-4de1-bd1b-0221d74fd0f0 Timestamp: 2016-03-17 11:20:08Z

推薦答案

resource in the request 是指你想在特定租戶中訪問的資源.當本機客戶端需要從 Azure Active Directory 獲取令牌時，它需要指定要為其獲取令牌的資源.在這種情況下，客戶端應用程序想要訪問 Web API，因此 Web API 的 APP ID URI 用作資源名稱.獲得令牌后，它還需要知道可以訪問資源的 URL，在這種情況下是 Web API 的地址.例如:

Resource in the request means the resource which you want to access in the particular tenant. When a native client needs to get a token from Azure Active Directory, it needs to specify the resource it wants a token for. In this scenario the client application wants access to the Web API so the APP ID URI for the Web API is used as the resource name. After it has the token it also needs to know the URL where the resource can be accessed, in this case the address of the Web API.For example:

// Resource settings this application wants to access
private string resource = "https://cloudalloc.com/CloudAlloc.WebAPI";
private Uri WebAPIUri = new Uri("https://localhost:44313");

這兩個設置都可以在 Azure 管理門戶中 Web API 應用程序的配置頁面的單一登錄部分中找到.

Both of these settings can be found in the single sign-on section of the CONFIGURE page for the Web API application in the Azure Management portal.

單擊 這里了解更多詳情.

這篇關于在名為 test113.onmicrosoft.com 的租戶中找不到名為 HTTPS://test113.onmicrosoft.com/FTP 的應用程序的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！