Trying to get an access token from a certificate

Problem description    Votes: 0    Answers: 2

I have configured Azure AD with my Web API application and added the required configuration for the client ID, certificate and tenant ID. The authentication context fails: I am using ADAL v5.2.9, and the authcontext is not reading values such as the resource ID and client credentials.

Add-Type -Path "..\ADAL\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"

# Output Token and Response from AAD Graph API
$accessToken = ".\Token.txt"
$output = ".\Output.json"

# Application and Tenant Configuration
$clientId = "<AppIDGUID>"
$tenantId = "<TenantID>"
$resourceId = "https://graph.windows.net"   # <using my own API>
$login = "https://login.microsoftonline.com"

# Create Client Credential Using Certificate
$certFile = "<PFXFilePath>"
$certFilePassword = "<CertPassword>"
$secret = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate -ArgumentList $certFile,$certFilePassword

# Get an Access Token with ADAL
$clientCredential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential($clientId,$secret)
$authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("{0}/{1}" -f $login,$tenantId)
$authenticationResult = $authContext.AcquireToken($resourceId, $clientcredential)
($token = $authenticationResult.AccessToken) | Out-File $accessToken

# Call the AAD Graph API 
$headers = @{ 
    "Authorization" = ("Bearer {0}" -f $token);
    "Content-Type" = "application/json";
}

# Output response into a JSON file
Invoke-RestMethod -Method Get -Uri ("{0}/{1}/users?api-version=1.6" -f $resourceId,$tenantId)  -Headers $headers -OutFile $output

The following error occurs:

MethodInvocationException: C:\Users\final.ps1:22
Line |
  22 |  $authenticationResult = $authContext.AcquireToken($resourceId,$client …
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Exception calling "AcquireToken" with "2" argument(s): "sts_token_request_failed: Token request to security token
     | service failed.  Check InnerException for more details"
authentication azure-active-directory powershell-2.0 adal
2 answers

0 votes

Please try changing:

$authenticationResult = $authContext.AcquireToken($resourceId, $clientcredential)
($token = $authenticationResult.AccessToken) | Out-File $accessToken

to:

$authenticationTask = $authContext.AcquireTokenAsync($resourceId, $clientcredential)
$authenticationTask.Wait()
$authenticationResult = $authenticationTask.Result
($token = $authenticationResult.AccessToken) | Out-File $accessToken

0 votes

Building on @Allen Wu's answer - you also need to use the ClientAssertionCertificate class instead of ClientCredential:

# Get an Access Token with ADAL
# ClientAssertionCertificate expects an X509Certificate2 (load the PFX with that type rather than X509Certificate);
# ADAL signs a JWT client assertion with the certificate's private key instead of sending a shared secret.
$clientAssertionCertificate = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($clientId,$secret)
$authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("{0}/{1}" -f $login,$tenantId)
# $resourceId is the resource (App ID URI) of the API being called, as defined earlier in the question's script
$authenticationTask = $authContext.AcquireTokenAsync($resourceId, $clientAssertionCertificate)
$authenticationTask.Wait()
$authenticationResult = $authenticationTask.Result
($token = $authenticationResult.AccessToken) | Out-File $accessToken
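The following is an added example, not code from the question or from either answer. It puts the two fixes together (AcquireTokenAsync plus ClientAssertionCertificate) and adds what a practitioner would want next: the certificate is taken from the current user's certificate store by thumbprint instead of a PFX file and password sitting on disk, the token request is wrapped so the InnerException the error message refers to is actually shown, and the token stays in memory rather than being written to Token.txt. The thumbprint, tenant and client IDs and the API URI are placeholders; the assumed API endpoint and the use of Cert:\CurrentUser\My are assumptions for the example.

```powershell
# Added example (not from the question or answers): certificate-credential token acquisition with ADAL.
Add-Type -Path "..\ADAL\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"

# Application and Tenant Configuration (placeholders)
$clientId   = "<AppIDGUID>"
$tenantId   = "<TenantID>"
$resourceId = "<App ID URI of your Web API>"   # assumption: your own API's App ID URI, not graph.windows.net
$login      = "https://login.microsoftonline.com"
$thumbprint = "<CertThumbprint>"               # thumbprint of the certificate uploaded to the app registration

# Load the certificate from the user's store (assumption: it was imported into CurrentUser\My with its private key).
# Get-Item on the Cert: drive returns an X509Certificate2, which is the type ClientAssertionCertificate requires.
$cert = Get-Item -Path "Cert:\CurrentUser\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key; ADAL cannot sign the client assertion without it."
}

$clientAssertion = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate($clientId, $cert)
$authContext     = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(("{0}/{1}" -f $login, $tenantId))

try {
    # GetAwaiter().GetResult() rethrows the underlying AdalServiceException directly
    # instead of burying it inside an AggregateException as Task.Wait()/.Result do.
    $result = $authContext.AcquireTokenAsync($resourceId, $clientAssertion).GetAwaiter().GetResult()
}
catch {
    # PowerShell wraps .NET exceptions in a MethodInvocationException; walk down to the root cause,
    # which is where "sts_token_request_failed" tells you to look (e.g. AADSTS error codes from the STS).
    $ex = $_.Exception
    while ($ex.InnerException) { $ex = $ex.InnerException }
    Write-Error ("Token request failed: [{0}] {1}" -f $ex.GetType().Name, $ex.Message)
    throw
}

# Sanity-check the result before using it; the token itself is never written to disk.
Write-Host ("Token type: {0}; expires (UTC): {1}" -f $result.AccessTokenType, $result.ExpiresOn.UtcDateTime)

# Call the Web API with the bearer token
$headers = @{ "Authorization" = ("Bearer {0}" -f $result.AccessToken) }
Invoke-RestMethod -Method Get -Uri "<Your Web API endpoint>" -Headers $headers
```

Keeping the certificate in the store means the private key never has to be exported into a password-protected PFX that ends up next to the script, and the thumbprint is all the script needs to reference it. The unwrapped exception is also what to look at when the STS rejects the assertion (wrong tenant, certificate not registered on the app, or clock skew on the signed JWT), since the outer "sts_token_request_failed" message on its own says nothing about the cause.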