
c# - Multi-tenant Azure AD authentication permission error

Reposted. Author: 行者123. Updated: 2023-11-30 17:32:59

I am new to Azure AD authentication. I created an application in Azure, set it to multi-tenant, and set its permissions as follows

  • Sign in and read user profile

  • Read directory data

Here is my Startup.Auth.cs code

    using System;
    using System.Configuration;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using System.Web;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.Cookies;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;
    // ApplicationDbContext and ADALTokenCache are the project's own types;
    // their namespace is not shown in the post.

    public partial class Startup
    {
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
        private string graphResourceID = "https://graph.windows.net";
        private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        // "common" is the tenant-independent endpoint used by multi-tenant apps
        private string authority = aadInstance + "common";
        private ApplicationDbContext db = new ApplicationDbContext();

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions { });

            app.UseOpenIdConnectAuthentication(
                new OpenIdConnectAuthenticationOptions
                {
                    ClientId = clientId,
                    Authority = authority,
                    TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
                    {
                        // instead of using the default validation (validating against a single issuer value, as we do in line of business apps),
                        // we inject our own multitenant validation logic
                        ValidateIssuer = false,
                    },
                    Notifications = new OpenIdConnectAuthenticationNotifications()
                    {
                        // No issuer or tenant check is made here, so with ValidateIssuer = false
                        // a token from any Azure AD tenant is accepted.
                        SecurityTokenValidated = (context) =>
                        {
                            return Task.FromResult(0);
                        },
                        // Redeem the authorization code for a Graph API token and cache it per user
                        AuthorizationCodeReceived = (context) =>
                        {
                            var code = context.Code;

                            ClientCredential credential = new ClientCredential(clientId, appKey);
                            string tenantID = context.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
                            string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;

                            AuthenticationContext authContext = new AuthenticationContext(aadInstance + tenantID, new ADALTokenCache(signedInUserID));
                            AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                                code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceID);

                            return Task.FromResult(0);
                        },
                        AuthenticationFailed = (context) =>
                        {
                            context.OwinContext.Response.Redirect("/Home/Error");
                            context.HandleResponse(); // Suppress the exception
                            return Task.FromResult(0);
                        }
                    }
                });
        }
    }

But when I try to run the application and sign in, it gives me this error

    You can't access this application
    XXXXXXX needs permission to access resources in your organization that only an admin can grant.
    Please ask an admin to grant permission to this app before you can use it.

    Have an admin account? Sign in with that account
    Return to the application without granting consent
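
The Startup.Auth.cs above sets ValidateIssuer = false and its SecurityTokenValidated handler accepts every token, so sign-in is not restricted to any tenant. As an added example (not code from the original post), one way to check the tenant against an allow-list; the class name, the allow-list and the sample tenant ids are assumptions, and the issuer format assumes Azure AD v1 tokens.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Added example (hypothetical helper, not from the original post).
public static class TenantIssuerCheck
{
    private const string TenantIdClaim =
        "http://schemas.microsoft.com/identity/claims/tenantid";
    // Assumption: Azure AD v1 tokens, issued as https://sts.windows.net/{tenant-id}/
    private const string IssuerFormat = "https://sts.windows.net/{0}/";

    // True only when the tenant id is on the allow-list and the claim was
    // issued by that same tenant's issuer (Claim.Issuer is set by the token handler).
    public static bool IsAllowed(ClaimsIdentity identity, ISet<string> allowedTenantIds)
    {
        if (identity == null || allowedTenantIds == null) return false;

        Claim tid = identity.FindFirst(TenantIdClaim);
        Guid parsed;
        if (tid == null || !Guid.TryParse(tid.Value, out parsed)) return false;

        string tenantId = parsed.ToString("D"); // normalised, lower-case
        if (!allowedTenantIds.Contains(tenantId)) return false;

        string expectedIssuer = string.Format(IssuerFormat, tenantId);
        return string.Equals(tid.Issuer, expectedIssuer, StringComparison.Ordinal);
    }

    private static ClaimsIdentity Identity(string tenantId, string issuer)
    {
        var claim = new Claim(TenantIdClaim, tenantId, ClaimValueTypes.String, issuer);
        return new ClaimsIdentity(new[] { claim }, "Constructed");
    }

    public static void Main()
    {
        // Constructed sample values; neither tenant id is real.
        const string known = "11111111-1111-1111-1111-111111111111";
        const string other = "22222222-2222-2222-2222-222222222222";
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { known };

        // Case 1: tenant on the allow-list with its own issuer
        Console.WriteLine(IsAllowed(Identity(known, "https://sts.windows.net/" + known + "/"), allowed));
        // Case 2: tenant that is not on the allow-list
        Console.WriteLine(IsAllowed(Identity(other, "https://sts.windows.net/" + other + "/"), allowed));
        // Case 3: allow-listed tenant id, but the issuer belongs to another tenant
        Console.WriteLine(IsAllowed(Identity(known, "https://sts.windows.net/" + other + "/"), allowed));
    }
}
```

In the handler from the post this would be called as TenantIssuerCheck.IsAllowed(context.AuthenticationTicket.Identity, allowed) inside SecurityTokenValidated, throwing System.IdentityModel.Tokens.SecurityTokenValidationException when it returns false.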

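Best answer

An admin must grant the permissions first so that other users can access the resource. Try the following steps

  1. Sign in to the portal as an administrator
  2. Go to your app registration blade
  3. Click Required permissions
  4. In the permissions blade at the top, click the Grant Permissions link.
  5. Read the confirmation message and click "OK".

Now try signing in with a non-admin user.

Hope this article helps.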

Regarding c# - Multi-tenant Azure AD authentication permission error, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45119163/
