对于如何使用 Azure 应用程序注册控制访问有点困惑。我正在尝试并尝试通过一个非常基本的示例来阐明我的理解。
applicationId
和一个secret
在 ADF 资源的角色分配下,未列出
testappreg
,但我可以像这样创建一个令牌并创建 DataFactoryManagementClient
的实例:
var tenant = "tenant";
var clientId = "client";
var secret = "super”_secret";
var client = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithClientSecret(secret)
.WithAuthority($"https://login.windows.net/{tenant}")
.Build();
var x = client.AcquireTokenForClient(new []{ "https://graph.microsoft.com/.default" });
var accessToken = x.ExecuteAsync().Result.AccessToken;
ServiceClientCredentials cred = new TokenCredentials(accessToken);
var dmclient = new DataFactoryManagementClient(cred) { SubscriptionId = "sub_id" };
我预计这会失败,因为我没有在
role assignments
下授予应用程序对 ADF 的访问权限。
与使用
https://graph.microsoft.com/.default
作为范围有关吗?
** 编辑 **
通过这样做设法让它工作(注意https://management.azure.com/.default的范围)
var cred = new ClientSecretCredential(tenant, clientId, secret);
var ctx = new TokenRequestContext(new string[] { "https://management.azure.com/.default" });
var token = await cred.GetTokenAsync(ctx);
var mgmtToken = new TokenCredentials(token.Token);
var client = new DataFactoryManagementClient(mgmtToken) { SubscriptionId = "SUB_ID" };
var response = await client.Pipelines.CreateRunWithHttpMessagesAsync(
"test",
"otestadf",
"foobar");
范围不正确,需要是 https://management.azure.com/.default
var cred = new ClientSecretCredential(tenant, clientId, secret);
var ctx = new TokenRequestContext(new string[] { "https://management.azure.com/.default" });
var token = await cred.GetTokenAsync(ctx);
var mgmtToken = new TokenCredentials(token.Token);
var client = new DataFactoryManagementClient(mgmtToken) { SubscriptionId = "SUB_ID" };
var response = await client.Pipelines.CreateRunWithHttpMessagesAsync(
"test",
"otestadf",
"foobar");