stackoom
  简体   繁体   中英

Access Required Response from Azure Active Directory

 原文  2016-10-06 18:33:29       azure/ azure-active-directory

Question

Going by the code provided by Microsoft (I'm assuming), I am unable to query my Azure Active Directory. Every time I call the following, I get a response of {Authorization Required.} : 

ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
IPagedCollection<IUser> pagedCollection = await client.Users.ExecuteAsync();

I'm new to Azure Active Directory and I'm new to the Graph and thought that the samples provided would function. They do not and I am hoping someone here can tell me either what is wrong with the code or how do I grant myself authorization to my own directory? I thought the AccessKey would be the authentication method, but apparently that's useless as it's not used in their examples.

1 answers

solution1
 2 ACCPTED  2016-10-07 03:04:09

Basically, to call the REST which protected by Azure AD which support OAuth2.0 to authorize the third-party application, we need to pass a bearer token.

And to go through the code sample, please ensure that you followed the steps list by the README.md.

Note: there is something not clear in the README.md about config the permission. The code sample is using the Azure AD Graph instead of Microsoft Graph, we need to choose the Windows Azure Active Directory instead of Microsoft Graph . And I have report this issue here .

You can see that there is a static filed named token in class AuthenticationHelper which will be set the value when the users sign-in using the code in Startup.Auth.cs like below:( not using cert) 

// Create a Client Credential Using an Application Key
ClientCredential credential = new ClientCredential(clientId, appKey);
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(
    "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                                    code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);

AuthenticationHelper.token = result.AccessToken;

And here is the detail progress to acquire the token via the OAuth 2.0 code grant flow: 在此处输入图片说明

More detail about this flow you can refer here .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Active Directory access Azure Storage from browser Adding Users from one Azure Active Directory to access an application in another Azure Active Directory How to access Azure Active Directory? Not able to access Azure Active Directory Limited Azure Active Directory access? Azure Active Directory access error Ports required to open for Azure Active Directory Access Azure Active Directory secured site from other web application Azure Active Directory Error. The access token is from the wrong issuer Access users from Azure active Directory having persmison type as delegated
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM