.net core: Logging in to the Azure Management API from a .NET console application
Tags: .net-core, azure-active-directory, asp.net-identity, msal, azure-management-api
I am creating a console application that logs in to my line-of-business application and calls some Azure Management APIs. My client application has permission to do both, and it can do this from the client-side Blazor WASM web application. Here are the permissions in Azure: I have the authentication code for the console application (used to log in to my web application). This is the token I get when calling from the console application:
{
"typ": "JWT",
"alg": "RS256",
"kid": "REMOVED FOR PRIVACY"
}.{
"aud": "MYAPPID",
"iss": "https://login.microsoftonline.com/TENANTID/v2.0",
"iat": 1605579071,
"nbf": 1605579071,
"exp": 1605582971,
"aio": "REMOVED FOR PRIVACY",
"name": "MYNAME",
"oid": "MYOID",
"preferred_username": "mMYUPN",
"rh": "REMOVED FOR PRIVACY",
"roles": [
"Administrator"
],
"sub": "REMOVED FOR PRIVACY",
"tid": "MYTENANTID",
"uti": "REMOVED FOR PRIVACY",
"ver": "2.0"
}
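I can't find a way to specify the audience in the MSAL library. Is there any way to do that? Because from what I can see in the token, the Microsoft STS does not see the request as being for the Azure Service Management scope?

The cause of the error is that the V1 endpoint expects a slash in the audience claim, while the other endpoint expects the API name to be separated from the scope. TL;DR: change the scope from
var scopes = new[] { "https://management.core.windows.net/user_impersonation" };
to this
var scopes = new[] { "https://management.core.windows.net//user_impersonation" };
and it will work.
To save others two hours of googling, here is the documentation about calling endpoints that still don't support v2 tokens: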
{
"typ": "JWT",
"alg": "RS256",
"x5t": "",
"kid": ""
}.{
"aud": "https://management.azure.com",
"iss": "https://sts.windows.net/TENANTID/",
"iat": 1605579273,
"nbf": 1605579273,
"exp": 1605583173,
"acr": "1",
"aio": "REMOVED FOR PRIVACY",
"amr": [
"rsa",
"mfa"
],
"appid": "MYCLIENTAPPID",
"appidacr": "0",
"family_name": "MYLASTNAME",
"given_name": "MYFIRSTNAME",
"groups": [
"AADGROUP0",
"AADGROUP1"
],
"ipaddr": "MYIPADDRES",
"name": "MYNAME",
"oid": "MYOID",
"puid": "REMOVED FOR PRIVACY",
"rh": "REMOVED FOR PRIVACY",
"scp": "user_impersonation",
"sub": "REMOVED FOR PRIVACY",
"tid": "MYTENANTID",
"unique_name": "MYUPN",
"upn": "MYUPN",
"uti": "REMOVED FOR PRIVACY",
"ver": "1.0",
"wids": [
"wid0",
"wid1",
"wid2"
],
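An added example, not part of the original question or answer: it shows how the resource identifier is derived from each of the two scope strings (everything before the last slash, the documented behaviour for APIs that only accept v1.0 tokens) and checks a token's `aud` and `scp` claims before it is sent to the management API. The class and method names are hypothetical, the list of accepted audiences is an assumption, and the sample tokens are constructed, unsigned reductions of the two payloads shown on this page.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenAudienceCheck
{
    // Assumption: resource identifiers Azure Resource Manager accepts in "aud"
    // (compared with any trailing slash trimmed).
    static readonly string[] ArmAudiences =
        { "https://management.azure.com", "https://management.core.windows.net" };

    // For an API that only accepts v1.0 tokens, the v2.0 endpoint takes everything
    // before the last '/' of the requested scope as the resource identifier.
    public static string ResourceFromScope(string scope) =>
        scope.Substring(0, scope.LastIndexOf('/'));

    // Decodes the payload segment for inspection only; no signature validation happens here.
    public static JsonElement DecodePayload(string jwt)
    {
        string s = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return JsonDocument.Parse(Convert.FromBase64String(s)).RootElement;
    }

    // True only when the token is addressed to the management API and carries the delegated scope.
    public static bool IsForAzureManagement(JsonElement p) =>
        p.TryGetProperty("aud", out var aud) &&
        ArmAudiences.Contains(aud.GetString().TrimEnd('/')) &&
        p.TryGetProperty("scp", out var scp) &&
        scp.GetString().Split(' ').Contains("user_impersonation");

    // Constructed sample: wraps a JSON payload in an unsigned, JWT-shaped string.
    static string FakeJwt(string json) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
                     .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        foreach (var scope in new[] {
            "https://management.core.windows.net/user_impersonation",
            "https://management.core.windows.net//user_impersonation" })
            Console.WriteLine($"{scope} -> resource \"{ResourceFromScope(scope)}\"");

        var console = FakeJwt("{\"aud\":\"MYAPPID\",\"ver\":\"2.0\",\"roles\":[\"Administrator\"]}");
        var working = FakeJwt("{\"aud\":\"https://management.azure.com\",\"ver\":\"1.0\",\"scp\":\"user_impersonation\"}");
        Console.WriteLine($"aud=MYAPPID token usable for ARM: {IsForAzureManagement(DecodePayload(console))}");
        Console.WriteLine($"v1.0 token usable for ARM: {IsForAzureManagement(DecodePayload(working))}");
    }
}
```

Only the double-slash scope yields a resource that ends in `/`. The token whose `aud` is the application's own ID fails the check, and the v1.0 token with `aud` set to `https://management.azure.com` passes.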