【发布时间】:2018-07-02 21:39:12
【问题描述】:
我将新应用程序注册为 Web 应用程序/API(非本机),添加了以组织用户身份访问 Dynamics 365 的权限。
我遵循本指南 (https://code.msdn.microsoft.com/simple-web-api-quick-start-e0ba3d6b),其中包含以下代码,唯一的区别是我更新了我的 Microsoft.IdentityModel.Clients.ActiveDirectory 库,需要对代码进行少量更改。
//Obtain the Azure Active Directory Authentication Library (ADAL)
AuthenticationParameters ap = AuthenticationParameters.CreateFromResourceUrlAsync(new Uri(serviceUrl + "api/data/")).Result;
AuthenticationContext authContext = new AuthenticationContext(ap.Authority, false);
//Note that an Azure AD access token has finite lifetime, default expiration is 60 minutes.
AuthenticationResult authResult = authContext.AcquireTokenAsync(
serviceUrl, clientId, new Uri(redirectUrl),
new PlatformParameters(PromptBehavior.Always)).Result;
当我运行这个时,我得到一个弹出窗口,我在其中填写我的凭据,然后它抛出这个错误:
AdalException: {"error":"invalid_client","error_description":"AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'.\r\nTrace ID: xxx\r\nCorrelation ID: xxx\r\nTimestamp: 2018-06-28 10:17:20Z","error_codes":[70002],"timestamp":"2018-06-28 10:17:20Z","trace_id":"xxx","correlation_id":"xxx"}: Unknown error
我尝试通过应用下面的更改来添加 client_secret,但它仍然不起作用
AuthenticationResult authResult = authContext.AcquireTokenAsync(
serviceUrl, clientId, new Uri(redirectUrl),
new PlatformParameters(PromptBehavior.Always), UserIdentifier.AnyUser,
$"client_secret={clientSecret}").Result;
但是当我运行它时它确实有效,但这不是我想要的,我想使用特定用户登录。
AuthenticationResult authResult = authContext.AcquireTokenAsync(
serviceUrl, new ClientCredential(clientId, clientSecret)).Result;
【问题讨论】:
标签: c# azure-active-directory adal dynamics-crm-online