我正在尝试使用 Microsoft.Azure.Management.Resources 库来管理一些 Azure 资源。我已在 Azure AD 中注册了应用程序,并授予了它所有权限。我获取了它的 ApplicationId 和 Secret + TennantId 和 SubscriptionId 并尝试像这样获取 AccessToken:
var clientCredential = new ClientCredential(_model.DeploymentDetails.CliendId, _model.DeploymentDetails.ClientSecret);
var context = new AuthenticationContext("https://login.windows.net/"+model.DeploymentDetails.TennantId);
_accessToken = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result.AccessToken;
_resourceManagementClient = new ResourceManagementClient(new TokenCloudCredentials(_model.DeploymentDetails.SubscriptionId,_accessToken));
我得到了一些 AccessToken。但是当我尝试像这样使用它时:
var x = _resourceManagementClient.ResourceGroups.List(...);
我收到此错误:
其他信息:InvalidAuthenticationToken:收到的访问令牌无效:至少应存在声明“puid”或“altsecid”或“oid”之一。如果您作为应用程序访问,请确保在租户中正确创建服务主体。
有任何想法吗?
非常感谢。
As far as I know, Microsoft.Azure.Management.Resources.dll that implements the ARM API. We need to assign application to role, after that then we can use token in common. More information about how to assign application to role please refer to the article https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/#assign-application-to-role .This blog https://blogs.technet.microsoft.com/stefan_stranger/2016/10/21/using-the-azure-arm-rest-apin-get-access-token/ also has more detail steps to get AceessToken.
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)