问题
I'm trying to develop a web application that uses a certificate to authenticate with AD and then acquires a token to connect to a SQL Azure DB.
I've followed all the steps in https://azure.microsoft.com/en-us/documentation/articles/sql-database-aad-authentication/ and https://github.com/Azure-Samples/active-directory-dotnet-daemon-certificate-credential except I'm using the code sample from here - https://blogs.msdn.microsoft.com/sqlsecurity/2016/02/09/token-based-authentication-support-for-azure-sql-db-using-azure-ad-auth/
Everything goes well until I get to the line
result = await authContext.AcquireTokenAsync(sqlDBResourceId, certCred);
I'm not quite sure what to put in for sqlDBResourceId, I've tried
"https://<databasename>.database.windows.net/"
"https://<databasename>.windows.net/"
"<databasename>"
but I always get
{"AADSTS50001: The application named https://databasename.database.windows.net/ was not found in the tenant named tenantname.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.\r\nTrace ID: \r\nCorrelation ID: \r\nTimestamp: 2016-08-09 23:35:38Z"}
I was able to recieve a token when I used https://graph.windows.net/ as the sqlDBResourceId. So perhaps I haven't set up my tenant-directory-domain-db relationship correctly? Any advice on where to start would be greatly appreciated.
回答1:
Jack Zeng is correct - don't try to mess with the default resource string in the code sample, just use https://database.windows.net/.
回答2:
https://database.windows.net/ as the sqlDBResourceId is the correct answer Thx Mirek
来源:https://stackoverflow.com/questions/38862095/acquiring-azure-ad-token-for-azure-sql-server