ASP.NET- Azure AD身份验证

afdcj2ne  于 2023-05-23  发布在  .NET
关注(0)|答案(1)|浏览(187)

我正在尝试在正在构建的ASP.NetWeb窗体应用程序上实现Azure AD身份验证。
预期的流程是提示用户从Azure输入用户名/密码,该用户名/密码经过身份验证,然后传递回应用程序。
我的验证码如下

Private Shared app As PublicClientApplication

    Shared Sub New()

        Dim clientId As String = ConfigurationManager.AppSettings("ida:ClientId")
        Dim redirectUri As String = ConfigurationManager.AppSettings("ida:RedirectUri")
        Dim tenantId As String = ConfigurationManager.AppSettings("ida:Tenant")
        Dim authorityUri = "https://login.microsoftonline.com/" & tenantId
        Dim scopes As String() = New String() {"https://graph.microsoft.com/User.Read"}


        app = PublicClientApplicationBuilder.Create(clientId).WithAuthority(authorityUri).WithTenantId(tenantId).WithRedirectUri(redirectUri).Build()
    End Sub

    Public Function GetAuthenticationResult() As String
        Try
            Dim scopes As String() = New String() {"https://graph.microsoft.com/User.Read"}

            Dim result As Microsoft.Identity.Client.AuthenticationResult = app.AcquireTokenInteractive(scopes).WithPrompt(Prompt.ForceLogin).ExecuteAsync().Result
            Return result.Account.Username
        Catch ex As Exception
            Err.Clear()
            Return "-"
            Exit Function
        End Try

    End Function
Private Sub BtnConnectWithAzure_Click(sender As Object, e As EventArgs) Handles BtnConnectWithAzure.Click
        Dim t As New Threading.Thread(AddressOf AuthenticateUser)
        t.SetApartmentState(ApartmentState.STA)
        t.Start()
    End Sub

    Private Sub AuthenticateUser()
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls12
        Dim app As New AuthenticationManager
        Dim username As String = app.GetAuthenticationResult()

        If username <> "-" Then
            Response.Redirect(username)
        End If

    End Sub

但是,我得到以下错误消息:
错误类型:invalid_client。
错误描述:AADSTS7000218:请求体必须包含以下参数:'client_assertion'或'client_secret
我已在Azure AD门户上启用“允许公共客户端流”,但似乎无法解决问题

vsikbqxv

vsikbqxv1#

“AADSTS7000218:请求体必须包含以下参数:'client_assertion'或'client_secret”
如果您在代码中使用公共客户端应用时,将“允许公共客户端流”设置为“是”,从而错过了在移动的和桌面应用平台中添加重定向URI,则通常会出现此错误。
我注册了一个Azure AD应用,并在**Web平台添加了重定向URI**,如下所示:

当我运行下面的示例代码,使用interactive flow获取登录用户详细信息时,我得到了与下面相同的错误:

using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "User.Read" };

var tenantId = "9d2265a5-3de9-4610-98c2-xxxxxxx";
var clientId = "7102a1a5-312f-4c91-8ca3-xxxxxxxx";

var options = new InteractiveBrowserCredentialOptions
{
    TenantId = tenantId,
    ClientId = clientId,
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    RedirectUri = new Uri("http://localhost"),
};

var interactiveCredential = new InteractiveBrowserCredential(options);

var graphClient = new GraphServiceClient(interactiveCredential, scopes);
var result = await graphClient.Me.GetAsync();
Console.WriteLine(result.DisplayName);
Console.WriteLine(result.Id);

回复:

要解决此错误,请从Web平台中删除重定向URI,并将其添加到移动的和桌面应用平台中,如下所示:

修改后再次运行代码示例,成功得到response,如下图所示:

using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "User.Read" };

var tenantId = "9d2265a5-3de9-4610-98c2-xxxxxxx";
var clientId = "7102a1a5-312f-4c91-8ca3-xxxxxxxx";

var options = new InteractiveBrowserCredentialOptions
{
    TenantId = tenantId,
    ClientId = clientId,
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    RedirectUri = new Uri("http://localhost"),
};

var interactiveCredential = new InteractiveBrowserCredential(options);

var graphClient = new GraphServiceClient(interactiveCredential, scopes);
var result = await graphClient.Me.GetAsync();
Console.WriteLine(result.DisplayName);
Console.WriteLine(result.Id);

回复:

在您的案例中,从Web平台中删除重定向URI,并将其添加到移动的和桌面应用平台中。

相关问题