問題描述

我嘗試了 3 種方法都沒有結果:

I've tried 3 ways with no result:

1. 根據這篇文章 https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx 我已經在 AAD 中注冊了具有訪問 Azure 服務管理 API 權限的新 Web 應用程序(步驟 1-9)并編寫了推薦的兩行代碼來獲取令牌:

1. According to this article https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx I've registered new web application in AAD with permissions to Access Azure Service Management API (steps 1-9) and written the recommended two lines of code to acquire the token:

    var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
    var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri(redirectUri));

，但它失敗了，異常:

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException was unhandled
Message: An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll
Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
Trace ID: aa2d6962-5aea-4f8e-bed4-9e83c7631887
Correlation ID: f7f1a61e-1720-4243-96fa-cff182150931

1. 我也試過了:

    var context = new AuthenticationContext($"https://login.windows.net/{tenantId}");
    var result = context.AcquireToken("https://management.core.windows.net/", new ClientCredential(clientId, clientSecret));

其中 clientSecret 是我的應用程序的秘密應用程序密鑰.此版本返回一個令牌，但使用此令牌的請求返回 403 禁止:服務器未能驗證請求.驗證證書是否有效并與此訂閱相關聯.

where clientSecret is secret app key of my application. This version returns a token, but requests with this token returns 403 Forbidden:The server failed to authenticate the request. Verify that the certificate is valid and is associated with this subscription.

1. 最后，我找到了 http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/03/02/authenticating-azure-service-management-api-with-azure-ad-user-credentials.aspx，建議:

    var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId));

    // TODO: Replace with your Azure AD user credentials (i.e. admin@contoso.onmicrosoft.com)
    string user = "{YOUR-USERID]";
    string pwd = "{YOUR-USER-PASSWORD}";
    var userCred = new UserCredential(user, pwd);

    AuthenticationResult result =
    await context.AcquireTokenAsync("https://management.core.windows.net/", clientId, userCred);

但它也會失敗，與第一種情況相同......

but it also fails with the same exception as in the first case...

你能幫幫我嗎?

推薦答案

在 Azure 門戶中創建應用程序時，應將應用程序類型"更改為本地客戶端應用程序".

You should change the "Application Type" to "NATIVE CLIENT APPLICATION" while creating the application in the Azure portal.

這篇關于如何通過 AAD 對 Azure 服務管理請求進行身份驗證的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！