
Getting Azure Key Vault keys using integrated security

Stack Overflow user
Asked 2016-02-23 16:55:02
Answers 1, Views 646, Followers 0, Votes 2

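All the examples I have seen for getting an access token to access Azure Key Vault involve using a ClientId and ClientSecret to request a token for the well-known https://vault.azure.net resource.

This works fine... but I would like to be able to use integrated security to get an access token to access the key vault.

For example, I have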

```csharp
const string VaultResource = "https://vault.azure.net";
var context = new AuthenticationContext(myTenantAuthority, false);

// using integrated auth
var token1 = await context.AcquireTokenAsync(VaultResource, nativeAppClientId, new UserCredential());

// OR interactive
var token2 = context.AcquireToken(VaultResource, nativeAppClientId, new Uri("https://localhost"),
     PromptBehavior.Auto, new UserIdentifier(UserPrincipal.Current.UserPrincipalName, UserIdentifierType.RequiredDisplayableId));
```

Both attempts fail. The first one says

```text
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException occurred
  ErrorCode=invalid_grant
  HResult=-2146233088
  Message=AADSTS65001: The user or administrator has not consented to use the application with ID '306d0ff4-0f32-4c38-bdb9-4ea500000000'. Send an interactive authorization request for this user and resource.
Trace ID: 2ca2fb3f-3931-4868-b176-700f29158a3a
Correlation ID: 39875bc5-cb1c-4a62-925d-7448d8716f30
Timestamp: 2016-02-23 08:51:45Z
  Source=Microsoft.IdentityModel.Clients.ActiveDirectory
  StatusCode=400
  StackTrace:
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.<SendPostRequestAndDeserializeJsonResponseAsync>d__0`1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<SendHttpMessageAsync>d__15.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
```

The second one:

```text
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException occurred
  ErrorCode=access_denied
  HResult=-2146233088
  Message=AADSTS65005: The client application has requested access to resource 'https://vault.azure.net'. This request has failed because the client has not specified this resource in its requiredResourceAccess list.
Trace ID: 5652658c-54bf-4880-bcc8-dea822a4b10b
Correlation ID: 1f97c7c0-858f-4542-9936-4a5114a93cc0
Timestamp: 2016-02-23 08:36:17Z
  Source=Microsoft.IdentityModel.Clients.ActiveDirectory
  StatusCode=0
  StackTrace:
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
```

How do I update the requiredResourceAccessList?

Update: here is how the application is configured

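1 Answer

Stack Overflow user

Answered 2016-02-23 19:04:19

You probably need to set up delegated permissions. Take a look here: https://azure.microsoft.com/en-gb/documentation/articles/active-directory-integrating-applications/

Also, you may want to consider using a certificate for authentication. See "A more secure way to use key vault".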

Votes 0
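
The certificate-based authentication suggested in the answer above, as an added example that is not code from the original post or from Microsoft's article: it replaces the ClientSecret with a certificate from the current user's store, so no shared secret sits in configuration. It assumes the ADAL and Microsoft.Azure.KeyVault NuGet packages, that the certificate's public key is registered on the application, and that the application has been granted read access to the vault; `ClientId`, `CertThumbprint` and `SecretUrl` are placeholders.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

static class VaultWithCertificate
{
    // Placeholders, not values from the question: replace with your own.
    const string ClientId = "<application-client-id>";
    const string CertThumbprint = "<certificate-thumbprint>";
    const string SecretUrl = "https://<vault-name>.vault.azure.net/secrets/<secret-name>";

    // Find the certificate, including its private key, in the current user's store.
    static X509Certificate2 FindCertificate(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so that a self-signed certificate is also returned.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("No usable certificate for " + thumbprint);
            return found[0];
        }
        finally { store.Close(); }
    }

    // KeyVaultClient calls this with the authority and resource taken from the vault's challenge.
    static async Task<string> GetTokenAsync(string authority, string resource, string scope)
    {
        var assertion = new ClientAssertionCertificate(ClientId, FindCertificate(CertThumbprint));
        var context = new AuthenticationContext(authority);
        AuthenticationResult result = await context.AcquireTokenAsync(resource, assertion);
        return result.AccessToken;
    }

    static async Task RunAsync()
    {
        var vault = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetTokenAsync));
        var secret = await vault.GetSecretAsync(SecretUrl);
        // Report only the length so the secret value never reaches logs or the console.
        Console.WriteLine("Secret retrieved, length: " + secret.Value.Length);
    }

    static void Main() { RunAsync().GetAwaiter().GetResult(); }
}
```

The token obtained this way is issued to the application itself rather than to the signed-in user, so the vault's access policy must name the application.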
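The original content of this page is provided by Stack Overflow. Translation support is provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link: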

https://stackoverflow.com/questions/35572929
