
.net - 使用 MSAL.NET 针对 Azure Management API SDK 进行身份验证

转载 作者:行者123 更新时间:2023-12-04 15:43:43 27 4

尝试使用 Azure 管理 API 的 SDK 进行身份验证。我可以通过 MSAL.NET SDK 让用户完成身份验证,但当我尝试把不记名 token 作为 ClientCredentials 传入时,会收到 AuthorizationFailed 消息。

我已在我的 Active Directory 实例中启用 user_impersonation 和委派权限,并通过应用程序门户注册了我的应用程序。

租户设置为 common

   /// <summary>
   /// Console sample from the question: signs a user in interactively with MSAL.NET and
   /// then hands the resulting bearer token to the Azure Management fluent SDK to list
   /// subscriptions. The asker reports that the listing call ends in AuthorizationFailed.
   /// </summary>
   class Program
   {
       // All three values are read from the application's configuration (appSettings).
       static readonly string TenantID = ConfigurationManager.AppSettings.Get("tenant_id");
       static readonly string ClientID = ConfigurationManager.AppSettings.Get("client_id");
       // A single string that is split on ',' before being passed to MSAL as the scope list.
       static readonly string Scopes = ConfigurationManager.AppSettings.Get("scopes");

       // Result of the interactive sign-in; stays unset if DoLoginAsync fails.
       static AuthenticationResult Authentication { get; set; }

       static AzureEnvironment AzureEnvironment
       {
           get { return AzureEnvironment.AzureGlobalCloud; }
       }

       /// <summary>
       /// Runs the sign-in and then the management call, blocking on each in turn.
       /// </summary>
       static void Main(string[] args)
       {
           // Reference: Microsoft.Identity.Client
           // https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
           Task signIn = DoLoginAsync();
           signIn.Wait();

           Task listing = CallAzure();
           listing.Wait();
           //CallMsGraphAPI().Wait();

           // Keep the console window open until a key is pressed.
           Console.Read();
       }

       /// <summary>
       /// Builds a public client for the configured tenant and acquires a token interactively,
       /// storing the result in <see cref="Authentication"/>. Any exception is printed, not rethrown.
       /// </summary>
       static async Task DoLoginAsync()
       {
           try
           {
               var builder = PublicClientApplicationBuilder.Create(ClientID)
                   .WithAuthority(AzureCloudInstance.AzurePublic, TenantID);
               IPublicClientApplication publicClient = builder.Build();

               // NOTE(review): the answer on this page reports that requesting more than
               // one scope here leads to an error; the split can yield several entries.
               string[] requestedScopes = Scopes.Split(',');
               Authentication = await publicClient
                   .AcquireTokenInteractive(requestedScopes)
                   .ExecuteAsync();
           }
           catch (Exception loginError)
           {
               Console.WriteLine(loginError);
           }
       }

       /// <summary>
       /// Lists the subscriptions visible to the signed-in user through the fluent RestClient.
       /// Any exception is printed, not rethrown.
       /// </summary>
       static async Task CallAzure()
       {
           try
           {
               var configured = RestClient.Configure()
                   .WithEnvironment(AzureEnvironment);

               // NOTE(review): BodyAndHeaders asks the handler to log full requests and
               // responses. With bearer authentication that output may contain the access
               // token - confirm what is redacted and keep this level to local debugging.
               var restClient = configured
                   .WithCredentials(GetCredentials())
                   .WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
                   .Build();

               var subscriptionClient = new SubscriptionClient(restClient);

               var subscriptions = await subscriptionClient.Subscriptions.ListAsync();

               Console.WriteLine(subscriptions); // fails
           }
           catch (Exception callError)
           {
               Console.WriteLine(callError);
           }
       }

       /// <summary>
       /// Wraps the MSAL access token in the credential types the fluent SDK expects.
       /// Dereferences <see cref="Authentication"/> without a null check, so a failed
       /// sign-in surfaces here as an exception.
       /// </summary>
       static AzureCredentials GetCredentials()
       {
           string accessToken = Authentication.AccessToken;
           var bearerProvider = new StringTokenProvider(accessToken, "Bearer");

           string signedInUser = Authentication.Account.Username;
           var credentials = new TokenCredentials(bearerProvider, TenantID, signedInUser);

           // The same token credentials object is passed for both credential slots.
           return new AzureCredentials(credentials, credentials, TenantID, AzureEnvironment);
       }
   }

我认为可以使用我的 GetCredentials 方法中返回的不记名 token 来授权用户。

最佳答案

我设法解决了这个问题,有两件事值得指出

  • Audience 是帐户的 TenantId。如果您不确定这是如何工作的,可以在 Microsoft 官方页面上了解更多信息。
  • scopes 参数看起来好像支持多个范围,但实际上并不支持。传入多于一个 scope 会导致错误。

  • 有用的资源
  • single to multi tenant applications
  • application audiences
  • choosing an authentication provider
  • Best practices for ConfigureAwait
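    /// <summary>
    /// Console sample from the accepted answer: signs in through a multi-tenant MSAL.NET
    /// public client, re-acquires the token against the signed-in account's own tenant,
    /// and lists the account's Azure subscriptions with the fluent management SDK.
    /// </summary>
    class Program
    {
        // Latest token result; null until a sign-in succeeds.
        static AuthenticationResult AuthenticationResult { get; set; }

        static readonly string ClientId = ConfigurationManager.AppSettings.Get("ClientId") ?? throw new ApplicationException("No ClientID configured in <appsettings /> App.Config");

        // Exactly one scope: the answer reports that passing more than one causes an error.
        static readonly IEnumerable<string> Scopes = new[] { "https://management.azure.com/user_impersonation" };

        static IPublicClientApplication App { get; set; }

        /// <summary>
        /// Builds the public client, then runs sign-in and the management call in sequence.
        /// </summary>
        static void Main(string[] args)
        {
            App = PublicClientApplicationBuilder.Create(ClientId)
                .WithLogging((level, message, containsPii) =>
                {
                    // Never echo entries that MSAL marks as containing personal data.
                    if (containsPii)
                    {
                        return;
                    }

                    // The callback fires for every level, so label entries by level
                    // instead of announcing an error each time.
                    Console.WriteLine($"[MSAL {level}] {message}");
                },
                LogLevel.Verbose,
                false,  // enablePiiLogging: keep account identifiers out of console output
                true)   // enableDefaultPlatformLogging
                .WithAuthority(AzureCloudInstance.AzurePublic, AadAuthorityAudience.AzureAdMultipleOrgs, true)
                .Build();

            DoLoginAsync().Wait();
            CallAzureMangementRestApiAsync().Wait();
        }

        /// <summary>
        /// Tries a silent token acquisition for the first cached account and falls back to
        /// the interactive prompt when MSAL reports that UI is required. Other exceptions
        /// are printed, which leaves <see cref="AuthenticationResult"/> null.
        /// </summary>
        static async Task DoLoginAsync()
        {
            try
            {
                var accounts = await App.GetAccountsAsync().ConfigureAwait(false);

                try
                {
                    AuthenticationResult = await App.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
                        .ExecuteAsync()
                        .ConfigureAwait(false);
                }
                catch (MsalUiRequiredException)
                {
                    AuthenticationResult = await App.AcquireTokenInteractive(Scopes)
                        .ExecuteAsync()
                        .ConfigureAwait(false);
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        /// <summary>
        /// Re-acquires the token against the tenant of the signed-in account and prints the
        /// subscriptions that account can see. Exceptions are printed, not rethrown.
        /// </summary>
        static async Task CallAzureMangementRestApiAsync()
        {
            try
            {
                // A failed sign-in leaves no result to read the tenant from; say so
                // instead of failing later with a NullReferenceException.
                if (AuthenticationResult == null)
                {
                    Console.WriteLine("No authentication result available; sign-in must succeed before calling the Azure Management API.");
                    return;
                }

                // Captured once so both acquisition paths target the same tenant.
                string tenantId = AuthenticationResult.TenantId;

                try
                {
                    var accounts = await App.GetAccountsAsync().ConfigureAwait(false);

                    AuthenticationResult = await App.AcquireTokenSilent(Scopes, accounts.FirstOrDefault())
                        .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
                        .ExecuteAsync()
                        .ConfigureAwait(false);
                }
                catch (MsalUiRequiredException)
                {
                    // Silent acquisition was not possible; prompt the user.
                    AuthenticationResult = await App.AcquireTokenInteractive(Scopes)
                        .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
                        .ExecuteAsync()
                        .ConfigureAwait(false);
                }

                // NOTE(review): BodyAndHeaders asks the handler to log full requests and
                // responses. With bearer authentication that output may contain the access
                // token - confirm what is redacted and keep this level to local debugging.
                var client = RestClient.Configure()
                    .WithEnvironment(AzureEnvironment.FromName(AuthenticationResult?.Account?.Environment) ?? AzureEnvironment.AzureGlobalCloud)
                    .WithCredentials(GetAzureCredentials())
                    .WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders)
                    .Build();

                using (var subscriptionClient = new SubscriptionClient(client))
                {
                    var subscriptions = await subscriptionClient.Subscriptions
                        .ListAsync()
                        .ConfigureAwait(false);

                    foreach (var s in subscriptions)
                    {
                        Console.WriteLine($"Id={s.Id};subscriptionId={s.SubscriptionId};displayName={s.DisplayName}");
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e);
            }
        }

        /// <summary>
        /// Wraps the current access token in the credential types the fluent SDK expects,
        /// bound to the tenant the token was issued for.
        /// </summary>
        static AzureCredentials GetAzureCredentials()
        {
            // The token string is fixed at this point; it is not refreshed when it expires.
            var provider = new StringTokenProvider(AuthenticationResult.AccessToken, "Bearer");

            // NOTE(review): the third argument is UniqueId when an ID token is present and
            // otherwise the (null) IdToken itself - the condition looks inverted; confirm
            // which caller id was intended.
            var token = new TokenCredentials(provider, AuthenticationResult.TenantId, AuthenticationResult.IdToken != null ? AuthenticationResult.UniqueId : AuthenticationResult.IdToken);

            // The same token credentials object is passed for both credential slots.
            return new AzureCredentials(token, token, AuthenticationResult.TenantId, AzureEnvironment.AzureGlobalCloud);
        }
    }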
  • 关于.net - 使用 MSAL.NET 针对 Azure Magment API SDK 进行身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56796024/
