是否应将托管服务标识用于从Console App进行Azure App Service访问
[英]Should Managed Service Identities be used for Azure App Service access from Console App
问题描述
I have a console app that is running inside our enterprise that needs to access as App Service Web API. 
我有一个在我们的企业内运行的控制台应用程序,需要作为App Service Web API访问。 What is the best way to handle authentication. 处理身份验证的最佳方法是什么。 I tried registering the App with AD, but it still seems like it cant't see the App Service. 我尝试用AD注册应用程序,但似乎仍然看不到App Service。 I tried the following code, but I am not sure this is even the right API to use. 我尝试了以下代码,但我不确定这是否是正确的API。
var App = ConfidentialClientApplicationBuilder.Create(CoreConstants.Auth_ClientId)
.WithAuthority(CoreConstants.Auth_Authority)
.WithClientSecret("xxxxxxxxxxxxxx")
.Build();
var token = App.AcquireTokenForClient(scopes).ExecuteAsync();
token.Wait();
This fails saying the scope is not defined. 这无法说明范围未定义。 It looks like it is in Azure. 它看起来像是在Azure中。
1 个解决方案
解决方案1
0 2019-04-22 15:11:38
First of all, you need to create role assignments for your App identity. 首先,您需要为App身份创建角色分配。 And then you can get the access tokens from the identity. 然后,您可以从身份获取访问令牌。 The code will like this: 代码将是这样的:
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.KeyVault;
// ...
var azureServiceTokenProvider = new AzureServiceTokenProvider();
string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://vault.azure.net");
// OR
var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
Do not forget to add references to the Microsoft.Azure.Services.AppAuthentication and any other necessary NuGet packages to your application. 不要忘记将Microsoft.Azure.Services.AppAuthentication和任何其他必需的NuGet包的引用添加到您的应用程序。 For more details, see Obtaining tokens for Azure resources with App MSI . 有关更多详细信息,请参阅使用App MSI获取Azure资源的令牌 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.