1. 首頁
  2. 問答
  3. 使用集成安全性獲取Azure密鑰庫祕密

使用集成安全性獲取Azure密鑰庫祕密

2016-02-23 91 views
2

我所看到的有關獲取訪問Azure密鑰保險庫的訪問令牌的所有示例都涉及使用ClientId和ClientSecret爲衆所周知的https://vault.azure.net資源請求令牌。使用集成安全性獲取Azure密鑰庫祕密

這工作正常......但我希望能夠使用集成安全來獲取訪問密鑰庫的訪問令牌。

例如,我有

const string VaultResource = "https://vault.azure.net"; 
var context = new AuthenticationContext(myTenantAuthority, false); 

// using integrated auth 
var token1 = await context.AcquireTokenAsync(VaultResource, nativeAppClientId, new UserCredential()); 

// OR interactive 
var token2 = context.AcquireToken(VaultResource, nativeAppClientId, new Uri("https://localhost"), 
    PromptBehavior.Auto, new UserIdentifier(UserPrincipal.Current.UserPrincipalName, UserIdentifierType.RequiredDisplayableId));

兩次努力都失敗。第一個說

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException occurred 
    ErrorCode=invalid_grant 
    HResult=-2146233088 
    Message=AADSTS65001: The user or administrator has not consented to use the application with ID '306d0ff4-0f32-4c38-bdb9-4ea500000000'. Send an interactive authorization request for this user and resource. 
Trace ID: 2ca2fb3f-3931-4868-b176-700f29158a3a 
Correlation ID: 39875bc5-cb1c-4a62-925d-7448d8716f30 
Timestamp: 2016-02-23 08:51:45Z 
    Source=Microsoft.IdentityModel.Clients.ActiveDirectory 
    StatusCode=400 
    StackTrace: 
     at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpHelper.<SendPostRequestAndDeserializeJsonResponseAsync>d__0`1.MoveNext() 
    --- End of stack trace from previous location where exception was thrown --- 
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) 
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
     at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<SendHttpMessageAsync>d__15.MoveNext() 
    --- End of stack trace from previous location where exception was thrown --- 
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) 
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)

而第二個:

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException occurred 
    ErrorCode=access_denied 
    HResult=-2146233088 
    Message=AADSTS65005: The client application has requested access to resource 'https://vault.azure.net'. This request has failed because the client has not specified this resource in its requiredResourceAccess list. 
Trace ID: 5652658c-54bf-4880-bcc8-dea822a4b10b 
Correlation ID: 1f97c7c0-858f-4542-9936-4a5114a93cc0 
Timestamp: 2016-02-23 08:36:17Z 
    Source=Microsoft.IdentityModel.Clients.ActiveDirectory 
    StatusCode=0 
    StackTrace: 
     at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)

如何更新requiredResourceAccessList?

更新:這是應用程序的配置

enter image description here

來源

2016-02-23 Jeff

+0

您可能感興趣的:http://stackoverflow.com/questions/30096576/using-adal-for-accessing-the-azure-keyvault-on-behalf-of-a-user – fernacolo

回答

相關問題

 相關問題