

AADSTS50020 error when authenticating user with live.com based account

I am working on an app that manages Azure resources for customers (provision VMs, create VNets).

We have created a multi-tenant application in the Azure portal that is configured for Delegated permissions of Windows Azure Service Management API and Windows Azure Active Directory.

We are able to log in with an AAD based account without a problem. But when a live.com based account logs in, the user gets an AADSTS50020 error.

For the login, we are navigating to https://login.microsoftonline.com/common/OAuth2/Authorize with the following parameters:

client_id=XXX&response_mode=query&response_type=code&redirect_uri=XXX&prompt=consent

Here is the full error message:

AADSTS50020: User account 'xxx@hotmail.com' from identity provider 'live.com' does not exist in tenant 'XXX' and cannot access the application 'xxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.

You need to use V2 endpoints in order to allow access from personal Microsoft accounts. I ran into the same problems by using the v1 endpoint.

Use this endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize

For example:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize
?client_id=ffffff-1111-2222-3333-37fd4f8c20ee
&response_type=id_token
&redirect_uri=http://localhost:8080/login/microsoft/callback
&response_mode=form_post
&prompt=consent
&scope=openid
&state=12345
&nonce=RandomGUI

Good luck
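
An added example, not part of the original answer: the same v2.0 authorize request built in Python with URL-encoded parameters and a fresh random `state` and `nonce` per login, plus the matching check on the `form_post` callback. The function names are hypothetical and the sample id_token is constructed and unsigned.

```python
import base64, hmac, json, secrets
from urllib.parse import urlencode

AUTHORIZE_V2 = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

def build_authorize_request(client_id, redirect_uri):
    """Return (url, state, nonce). Store state and nonce in the user's session."""
    state, nonce = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    params = {
        "client_id": client_id, "response_type": "id_token",
        "redirect_uri": redirect_uri, "response_mode": "form_post",
        "prompt": "consent", "scope": "openid",
        "state": state, "nonce": nonce,
    }
    return AUTHORIZE_V2 + "?" + urlencode(params), state, nonce

def jwt_claims(id_token):
    """Decode the JWT payload only. This does NOT verify the signature."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def check_callback(form, expected_state, expected_nonce):
    """Validate the form_post callback fields; return the claims or raise ValueError."""
    if "error" in form:
        raise ValueError("authorization error: " + form["error"])
    if not same(form.get("state", ""), expected_state):
        raise ValueError("state mismatch")
    if "id_token" not in form:
        raise ValueError("missing id_token")
    claims = jwt_claims(form["id_token"])
    if not same(str(claims.get("nonce", "")), expected_nonce):
        raise ValueError("nonce mismatch")
    return claims

def constructed_id_token(nonce):
    """Unsigned sample token, constructed for this example only."""
    def b64(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"nonce": nonce, "sub": "sample"}), "sig"])

if __name__ == "__main__":
    url, state, nonce = build_authorize_request(
        "ffffff-1111-2222-3333-37fd4f8c20ee", "http://localhost:8080/login/microsoft/callback")
    print(url)
    print(check_callback({"state": state, "id_token": constructed_id_token(nonce)}, state, nonce))
```

The state and nonce checks only bind the response to the request that started it; the id_token signature, issuer and audience must still be validated before any claim is trusted.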


