[英]How to authenticate with Azure Resource Manager using managed identity in C#
I am trying to use the managedIdentity to get a token that I can then use to list resources in the resource group.我正在尝试使用 managedIdentity 获取一个令牌,然后我可以使用该令牌列出资源组中的资源。 I am getting an error when attempting to get the token.
尝试获取令牌时出现错误。 The GetToken() api seems to be adding other strings (offline_access openid) internally to the scope I provided and fails that the scope is not a valid url. From the error, it appears that I am not using the api correctly.
GetToken() api 似乎在内部向我提供的 scope 添加其他字符串(offline_access openid),但失败了,因为 scope 不是有效的 url。从错误来看,我似乎没有正确使用 api。 But I am also following the documentation.
但我也在关注文档。 Could some one please help track down what the issue is in my code.
有人可以帮助找出我的代码中的问题所在吗?
Code:代码:
var managedIdentityCredential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ManagedIdentityClientId = managedIdentityId });
var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=App");
AccessToken accessToken = managedIdentityCredential.GetToken(new TokenRequestContext(new string[] { "https://management.azure.com/" }));
Error: Azure.Identity.AuthenticationFailedException: SharedTokenCacheCredential authentication failed.错误:Azure.Identity.AuthenticationFailedException:SharedTokenCacheCredential 身份验证失败。 ---> Microsoft.Identity.Client.MsalServiceException: AADSTS70011: The provided request must include a 'scope' input parameter.
---> Microsoft.Identity.Client.MsalServiceException:AADSTS70011:提供的请求必须包含“范围”输入参数。 The provided value for the input parameter 'scope' is not valid.
为输入参数“scope”提供的值无效。 The scope https://management.azure.com/ offline_access openid profile is not valid.
scope https://management.azure.com/offline_access openid 配置文件无效。 The scope format is invalid.
scope 格式无效。 Scope must be in a valid URI form https://example/scope or a valid Guid <guid/scope>.
Scope 必须采用有效的 URI 形式https://example/scope或有效的 Guid <guid/scope>。
To get the token with MSI(managed identity), make sure you ran the code in the Azure services that support the managed identity .要使用 MSI(托管身份)获取令牌,请确保您在支持托管身份的 Azure 服务中运行了代码。
After enabling the system-assigned MSI for the service, then use the code below directly.为服务启用系统分配的MSI后,直接使用下面的代码。
var azureServiceTokenProvider = new AzureServiceTokenProvider("RunAs=App");
string accessToken = azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com/").Result;
Console.WriteLine(accessToken)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.