c# - 在名为 test113.onmicrosoft.com 的租户中找不到名为 HTTPS ://test113. onmicrosoft.com/FTP 的应用程序

Question

我必须根据 Azure AD 对应用程序进行身份验证。我已创建 Web API 并将其添加到 Azure AD 应用程序部分。更改了 list 文件，创建了一个 Web API 并使用 Azure AD 进行了身份验证，并创建了一个 Windows 表单，其中包含以下代码:

 private async void button1_Click(object sender, EventArgs e)
 {
    string authority = "https://login.windows.net/test113.onmicrosoft.com";
    string resourceURI = "https://test113.onmicrosoft.com/ftp";
    string clientID = "5177ef76-cbb4-43a8-a7d0-899d3e886b34";
    Uri returnURI = new Uri("http://keoftp");

    AuthenticationContext authContext =
        new AuthenticationContext(authority);
    AuthenticationResult authResult =
        authContext.AcquireToken(resourceURI, clientID, returnURI);

    string authHeader = authResult.CreateAuthorizationHeader();

    // don't do this in prod
    System.Net.ServicePointManager.ServerCertificateValidationCallback =
            ((s, c, c2, se) => true);

    HttpClient client = new HttpClient();
    HttpRequestMessage request =
        new HttpRequestMessage(HttpMethod.Get, "https://localhost:44300/api/tasks");
    request.Headers.TryAddWithoutValidation("Authorization", authHeader);
    var response = await client.SendAsync(request);
    string responseString = await response.Content.ReadAsStringAsync();
    MessageBox.Show(responseString);
}

我有一个异常(exception):

An exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll but was not handled in user code

Additional information: AADSTS50001: The application named https://test113.onmicrosoft.com/ftp was not found in the tenant named test113.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Trace ID: e782d60e-b861-46a3-b32b-f3df78396bd0 Correlation ID: b4809815-2755-4de1-bd1b-0221d74fd0f0 Timestamp: 2016-03-17 11:20:08Z

Answer 1

请求中的资源是指您想要在特定租户中访问的资源。当 native 客户端需要从 Azure Active Directory 获取 token 时，它需要指定它想要 token 的资源。在此场景中，客户端应用程序想要访问 Web API，因此 Web API 的 APP ID URI 用作资源名称。获得 token 后，它还需要知道可以访问资源的 URL，在本例中是 Web API 的地址。例如:

// Resource settings this application wants to access
private string resource = "https://cloudalloc.com/CloudAlloc.WebAPI";
private Uri WebAPIUri = new Uri("https://localhost:44313");

这两个设置都可以在 Azure 管理门户中 Web API 应用程序的“配置”页面的单点登录部分中找到。

点击here了解更多详情。