[英]Getting AccessToken from Azure Ad via UserName & Password
I have a Native Client registered in our Azure AD. 我在我们的Azure AD中注册了本机客户端。
When i'm using 当我使用
var ar = _context.AcquireToken(resource, clientId, returnUri);
It opens the Prompt for Username and Password. 它会打开“提示输入用户名和密码”。 If I enter them correctly I get a valid AccessToken and everything is fine. 如果输入正确,我将获得有效的AccessToken,一切都很好。
When I'm now trying to enter the credentials in code, via UserCrendtial: 当我现在尝试通过UserCrendtial在代码中输入凭据时:
var credential = new UserCredential("username", "password");
var ar = _context.AcquireToken(resource, clientId, credential);
But both resulting in an Error when I'm trying it with the directly entered Credentials. 但是当我使用直接输入的凭据尝试尝试时,都会导致错误。
AADSTS65001: No permission to access user information is configured for '4915f024-blah-blah-blah-f580ab5b0487' application, or it is expired or revoked. AADSTS65001:没有为“ 4915f024-blah-blah-blah-f580ab5b0487”应用程序配置访问用户信息的权限,或者该应用程序已过期或被吊销。
I have tried the normal (string, string)
and the (string, SecureString)
overload of the UserCredential. 我已经尝试了UserCredential的常规(string, string)
和(string, SecureString)
重载。 I have tried it with the exact same combination of username & password, which I have entered in the Prompt, of the first overload from AcquireToken. 我尝试使用与我在提示中输入的用户名和密码完全相同的组合来尝试此操作,这是AcquireToken的第一个重载。
I have also tried to give the Application in Azure all the Delegated Permissions: 我还尝试赋予Azure中的应用程序所有委派的权限:
And added Windows Azure Service Management API Application with Permission: 并添加了具有权限的Windows Azure服务管理API应用程序:
Nothing helped. 没有任何帮助。
As a sidenote, the Application in the Azure has permissions to a SharePoint O365 Tenant. 附带说明,Azure中的应用程序具有SharePoint O365租户的权限。 To Read and Write ListItems I don't know if this is relevant. 读写ListItems我不知道这是否相关。 The Resource i'm passing through is the SharePoint Adress. 我正在传递的资源是SharePoint地址。
I don't need any user access over the Graph Api to the Azure. 我不需要任何用户通过Graph Api访问Azure。 I only need that AccessToken to access our SharePoint Online. 我只需要该AccessToken即可访问我们的SharePoint Online。
Edit: 编辑:
Architecture: 建筑:
Description: 描述:
We have a Web Api Project which handles the User Authorization, Load Balancing etc. This Web Api Project, will be queried by either Native Dekstop Clients or Hybrid HTML5 & Javascript Mobile Device Apps. 我们有一个处理用户授权,负载平衡等的Web Api项目。此Web Api项目将由本机Dekstop客户端或混合HTML5和Javascript移动设备应用程序查询。
The Web Api Project needs to Read, Create, Update & Delete Data from our SharePoint O365 Tenant. Web Api项目需要从SharePoint O365租户读取,创建,更新和删除数据。 So this where I need the AccessToken to init a ClientContext or send i via a rest response. 所以这是我需要AccessToken初始化ClientContext或通过rest响应发送给我的地方。
Since the Web Api handles the User authorization, there is an endpoint for users to login already and in this endpoint I want to acquire the Token. 由于Web Api处理用户授权,因此存在一个可供用户登录的端点,并且我想在该端点中获取令牌。 That's why I want it to be silent, because the "flexbile browser popup" is already there. 这就是为什么我希望它保持沉默,因为“灵活的浏览器弹出窗口”已经存在。
Maybe I don't need in this scenario the Token acquiring with Username / Password, but then I don't know how to configure the Azure App right to work with all the different native client's. 在这种情况下,也许我不需要使用用户名/密码来获取令牌,但是我不知道如何配置Azure应用权限以与所有不同的本机客户端一起使用。
not sure if it's your case but you can use : 不确定是否是您的情况,但可以使用:
for more see ms docs and samples; 有关更多信息,请参见ms docs和示例;
The direct use of username and password has important limitations, please make sure you are not stumbling on any of the ones listed in http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to-authenticate-users-via-usernamepassword/ . 用户名和密码的直接使用有重要限制,请确保您不要绊倒http://www.cloudidentity.com/blog/2014/07/08/using-adal-net-to中列出的任何用户名和密码-authenticate-users-via-usernamepassword / 。 Also note, nothing that requires displaying a user consent screen (as all the permissions you described will) or specific disambiguation steps (like trying to use a guest user from X to access a resource protected by tenant Y) will work. 还要注意,不需要显示用户同意屏幕(如您所描述的所有权限)或特定的消歧步骤(例如尝试从X使用来宾用户访问受租户Y保护的资源)的任何操作都不会起作用。 What is your scenario? 您的情况是什么? Any specific reason for which you want to use username/password instead of the more flexible browser popup? 您要使用用户名/密码而不是更灵活的浏览器弹出窗口的任何特定原因?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.