ASP.NET- Azure AD身份验证

afdcj2ne 于 2023-05-23 发布在 .NET

关注(0)|答案(1)|浏览(185)

我正在尝试在正在构建的ASP.NetWeb窗体应用程序上实现Azure AD身份验证。
预期的流程是提示用户从Azure输入用户名/密码，该用户名/密码经过身份验证，然后传递回应用程序。
我的验证码如下

Private Shared app As PublicClientApplication

    Shared Sub New()

        Dim clientId As String = ConfigurationManager.AppSettings("ida:ClientId")
        Dim redirectUri As String = ConfigurationManager.AppSettings("ida:RedirectUri")
        Dim tenantId As String = ConfigurationManager.AppSettings("ida:Tenant")
        Dim authorityUri = "https://login.microsoftonline.com/" & tenantId
        Dim scopes As String() = New String() {"https://graph.microsoft.com/User.Read"}


        app = PublicClientApplicationBuilder.Create(clientId).WithAuthority(authorityUri).WithTenantId(tenantId).WithRedirectUri(redirectUri).Build()
    End Sub

    Public Function GetAuthenticationResult() As String
        Try
            Dim scopes As String() = New String() {"https://graph.microsoft.com/User.Read"}

            Dim result As Microsoft.Identity.Client.AuthenticationResult = app.AcquireTokenInteractive(scopes).WithPrompt(Prompt.ForceLogin).ExecuteAsync().Result
            Return result.Account.Username
        Catch ex As Exception
            Err.Clear()
            Return "-"
            Exit Function
        End Try

    End Function

Private Sub BtnConnectWithAzure_Click(sender As Object, e As EventArgs) Handles BtnConnectWithAzure.Click
        Dim t As New Threading.Thread(AddressOf AuthenticateUser)
        t.SetApartmentState(ApartmentState.STA)
        t.Start()
    End Sub

    Private Sub AuthenticateUser()
        System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11 Or SecurityProtocolType.Tls12
        Dim app As New AuthenticationManager
        Dim username As String = app.GetAuthenticationResult()

        If username <> "-" Then
            Response.Redirect(username)
        End If

    End Sub

但是，我得到以下错误消息：
错误类型：invalid_client。
错误描述：AADSTS7000218：请求体必须包含以下参数：'client_assertion'或'client_secret
我已在Azure AD门户上启用“允许公共客户端流”，但似乎无法解决问题

asp.net

来源：https://stackoverflow.com/questions/76303838/asp-net-azure-ad-authentication

1条答案

按热度按时间

vsikbqxv1#

“AADSTS7000218：请求体必须包含以下参数：'client_assertion'或'client_secret”
如果您在代码中使用公共客户端应用时，将“允许公共客户端流”设置为“是”，从而错过了在移动的和桌面应用平台中添加重定向URI，则通常会出现此错误。
我注册了一个Azure AD应用，并在**Web平台添加了重定向URI**，如下所示：

当我运行下面的示例代码，使用interactive flow获取登录用户详细信息时，我得到了与下面相同的错误：

using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "User.Read" };

var tenantId = "9d2265a5-3de9-4610-98c2-xxxxxxx";
var clientId = "7102a1a5-312f-4c91-8ca3-xxxxxxxx";

var options = new InteractiveBrowserCredentialOptions
{
    TenantId = tenantId,
    ClientId = clientId,
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    RedirectUri = new Uri("http://localhost"),
};

var interactiveCredential = new InteractiveBrowserCredential(options);

var graphClient = new GraphServiceClient(interactiveCredential, scopes);
var result = await graphClient.Me.GetAsync();
Console.WriteLine(result.DisplayName);
Console.WriteLine(result.Id);

回复：

要解决此错误，请从Web平台中删除重定向URI，并将其添加到移动的和桌面应用平台中，如下所示：

修改后再次运行代码示例，成功得到response，如下图所示：

using Azure.Identity;
using Microsoft.Graph;

var scopes = new[] { "User.Read" };

var tenantId = "9d2265a5-3de9-4610-98c2-xxxxxxx";
var clientId = "7102a1a5-312f-4c91-8ca3-xxxxxxxx";

var options = new InteractiveBrowserCredentialOptions
{
    TenantId = tenantId,
    ClientId = clientId,
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
    RedirectUri = new Uri("http://localhost"),
};

var interactiveCredential = new InteractiveBrowserCredential(options);

var graphClient = new GraphServiceClient(interactiveCredential, scopes);
var result = await graphClient.Me.GetAsync();
Console.WriteLine(result.DisplayName);
Console.WriteLine(result.Id);

回复：

在您的案例中，从Web平台中删除重定向URI，并将其添加到移动的和桌面应用平台中。

赞(0）回复(0）举报 2023-05-23

我来回答

ASP.NET- Azure AD身份验证

1条答案

相关问题

热门标签

最新问答