如何从 Azure AD 获取 TokenCredentials 的访问令牌?
[英]How to get access token from Azure AD for TokenCredentials?
问题描述
I am trying to connect to my Azure account and for that I need to create TokenCredentials object which need access token as a parameter.
我正在尝试连接到我的 Azure 帐户,为此我需要创建需要访问令牌作为参数的 TokenCredentials object。 But I'm having problems to get that access token.但是我在获取该访问令牌时遇到了问题。
I have tried to do as this samle is guiding: https://github.com/Azure-Samples/azure-batch-samples/blob/master/CSharp/AccountManagement/Program.cs我已经尝试按照这个示例进行操作: https://github.com/Azure-Samples/azure-batch-samples/blob/master/CSharp/AccountManagement/Program.cs
Here is the code that I am trying to run:这是我要运行的代码:
public static async Task<ServiceClientCredentials> CreateTokenCredentialsAsync()
{
var clientId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
var redirectUri = "https://myredirecturi.com";
var authorityUri = "https://login.microsoftonline.com/common";
var resourceUri = "https://management.core.windows.net/";
var platformPrameters = new PlatformParameters(PromptBehavior.Auto);
var authContext = new AuthenticationContext(authorityUri);
AuthenticationResult authResult = await authContext.AcquireTokenAsync(
resourceUri,
clientId,
new Uri(redirectUri),
platformPrameters);
var token = authResult.AccessToken;
ServiceClientCredentials creds = new TokenCredentials(authResult.AccessToken);
return creds;
}
And I am getting following exception:我得到以下异常:
Invalid resource.
The client has requested access to a resource which is not listed in the requested permissions in the client's application registration.
Client app ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx(<my registered app name>).
Resource value from request: https://management.core.windows.net/.
Resource app ID: yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyy.
List of valid resources from app registration: ...
What should I do to make this work and get access token?我应该怎么做才能完成这项工作并获得访问令牌?
1 个解决方案
解决方案1
2 已采纳 2019-09-30 08:02:36
Sounds like you haven't added Azure Service Management API to your Required permissions when registering the app in Azure AD.在 Azure AD 中注册应用程序时,听起来您尚未将 Azure 服务管理 API 添加到所需权限。
First, find your app registration in Azure AD.首先,在 Azure AD 中找到您的应用注册。 Then go to API permissions.然后 go 到 API 权限。 Click Add a permission.单击添加权限。
Then click Azure Service Management.然后点击 Azure 服务管理。
Choose user_impersonation under Delegated permissions and click Add permissions.在 Delegated permissions 下选择 user_impersonation,然后单击 Add permissions。
Now you should be able to get the login dialog to show up.现在您应该能够显示登录对话框。 It will ask you for consent to access the ARM API as you.它会要求您同意以您的身份访问 ARM API。 If you want to avoid those prompts and allow the app to call ARM API as any signed-in user in your tenant, you can click Grant admin consent for tenant name on the API permissions tab (assuming you are an admin).如果您想避免这些提示并允许应用程序调用 ARM API 作为您租户中的任何登录用户,您可以在 ZDB974238714CA8DE634A7CE1D083A14F 上单击授予管理员同意租户名称的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.