.NET Core: logging in to the Azure Management API from a .NET console application


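I am creating a console application that logs in to my line-of-business application and calls some Azure management APIs. My client application has permission to do both, and it can do so from the client-side Blazor WASM web application. Here are the permissions in Azure: I have the authentication code for the console application (used to log in to my web application)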

This is the token I get when calling from the console application:

{
  "typ": "JWT",
  "alg": "RS256",
  "kid": "REMOVED FOR PRIVACY"
}.{
  "aud": "MYAPPID",
  "iss": "https://login.microsoftonline.com/TENANTID/v2.0",
  "iat": 1605579071,
  "nbf": 1605579071,
  "exp": 1605582971,
  "aio": "REMOVED FOR PRIVACY",
  "name": "MYNAME",
  "oid": "MYOID",
  "preferred_username": "mMYUPN",
  "rh": "REMOVED FOR PRIVACY",
  "roles": [
    "Administrator"
  ],
  "sub": "REMOVED FOR PRIVACY",
  "tid": "MYTENANTID",
  "uti": "REMOVED FOR PRIVACY",
  "ver": "2.0"
}

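I can't find a way to specify the audience in the MSAL library. Is there any way to do that? Because from what I can see in the token, the Microsoft STS does not see that the request is for the Azure Service Management scope?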

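The error is caused by the V1 endpoint expecting a slash in the audience claim, while the other endpoint expects the API name to be separated from the scope.

TL;DR: change the scope from
var scopes = new[] { "https://management.core.windows.net/user_impersonation" };
to this
var scopes = new[] { "https://management.core.windows.net//user_impersonation" };
and it will work.

To save others two hours of googling, here is the documentation on calling endpoints that still do not support v2 tokens: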

{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "",
  "kid": ""
}.{
  "aud": "https://management.azure.com",
  "iss": "https://sts.windows.net/TENANTID/",
  "iat": 1605579273,
  "nbf": 1605579273,
  "exp": 1605583173,
  "acr": "1",
  "aio": "REMOVED FOR PRIVACY",
  "amr": [
    "rsa",
    "mfa"
  ],
  "appid": "MYCLIENTAPPID",
  "appidacr": "0",
  "family_name": "MYLASTNAME",
  "given_name": "MYFIRSTNAME",
  "groups": [
    "AADGROUP0",
    "AADGROUP1"
  ],
  "ipaddr": "MYIPADDRES",
  "name": "MYNAME",
  "oid": "MYOID",
  "puid": "REMOVED FOR PRIVACY",
  "rh": "REMOVED FOR PRIVACY",
  "scp": "user_impersonation",
  "sub": "REMOVED FOR PRIVACY",
  "tid": "MYTENANTID",
  "unique_name": "MYUPN",
  "upn": "MYUPN",
  "uti": "REMOVED FOR PRIVACY",
  "ver": "1.0",
  "wids": [
    "wid0",
    "wid1",
    "wid2"
  ],
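The single versus double slash from the answer above, as an added C# example that is not part of the original post. For a resource that only accepts v1.0 tokens, Azure AD takes everything before the last slash of the requested scope as the resource identifier, so the extra slash is what makes the audience end in "/". The class and method names are hypothetical, and the sample token is constructed and unsigned.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class ScopeAudienceCheck
{
    // For a v1.0 resource requested through the v2.0 endpoint, Azure AD takes
    // everything before the LAST slash of the scope as the resource identifier.
    public static string AudienceFromScope(string scope)
    {
        int cut = scope.LastIndexOf('/');
        if (cut <= 0) throw new ArgumentException("scope has no resource part", nameof(scope));
        return scope.Substring(0, cut);
    }

    // Read the aud claim of a compact JWT for diagnostics only.
    // No signature validation happens here; never use this to authorize anything.
    public static string AudienceFromJwt(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.GetProperty("aud").GetString();
    }

    // Helper used only to build the constructed sample token below.
    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        string[] scopes =
        {
            "https://management.core.windows.net/user_impersonation",   // single slash
            "https://management.core.windows.net//user_impersonation",  // double slash
        };
        foreach (string s in scopes)
            Console.WriteLine($"{s} -> resource {AudienceFromScope(s)}");

        // Constructed, unsigned token carrying the aud value shown in the question.
        string token = B64Url("{\"alg\":\"none\"}") + "." + B64Url("{\"aud\":\"MYAPPID\"}") + ".";
        string aud = AudienceFromJwt(token);
        Console.WriteLine(aud.StartsWith("https://management.", StringComparison.Ordinal)
            ? "token targets Azure management" : $"wrong audience: {aud}");
    }
}
```

Checking `aud` on the token MSAL returns before calling the management API turns a confusing authorization failure into an immediate, readable error.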