Question
I am trying to use the Microsoft.Azure.Management.Resources library to manage some Azure resources. I have registered an app in Azure AD and I gave it all permissions. I took its ApplicationId and Secret + TenantId and SubscriptionId and tried to obtain an AccessToken like this:
var clientCredential = new ClientCredential(_model.DeploymentDetails.CliendId, _model.DeploymentDetails.ClientSecret);
var context = new AuthenticationContext("https://login.windows.net/"+model.DeploymentDetails.TennantId);
_accessToken = context.AcquireTokenAsync("https://management.azure.com/", clientCredential).Result.AccessToken;
_resourceManagementClient = new ResourceManagementClient(new TokenCloudCredentials(_model.DeploymentDetails.SubscriptionId,_accessToken));
I get some AccessToken. BUT when I try to use it like this:
var x = _resourceManagementClient.ResourceGroups.List(...);
I get this error:
Additional information: InvalidAuthenticationToken: The received access token is not valid: at least one of the claims 'puid' or 'altsecid' or 'oid' should be present. If you are accessing as application please make sure service principal is properly created in the tenant.
Any ideas?
Thank you very much.
Answer 1:
As far as I know, Microsoft.Azure.Management.Resources.dll implements the ARM API. We need to assign the application to a role; after that we can use the token in common. For more information about how to assign an application to a role, please refer to the article. This blog also has more detailed steps to get the AccessToken.
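To see what the error message is complaining about, the token's payload can be decoded locally and checked for the claims it names. This is an added example, not code from the original post or from the Azure SDK; it assumes System.Text.Json is available, the class and method names and the sample tokens are constructed for illustration, and the payload is read without signature verification, so it is for diagnosis only.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class ArmTokenCheck // hypothetical helper, not part of any SDK
{
    // Claims named in the InvalidAuthenticationToken error; at least one must be present.
    static readonly string[] IdentityClaims = { "puid", "altsecid", "oid" };
    const string ArmResource = "https://management.azure.com/"; // resource requested on this page

    // Decodes the JWT payload WITHOUT verifying the signature: diagnosis only.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/'); // base64url -> base64
        b64 += new string('=', (4 - b64.Length % 4) % 4);          // restore padding
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using (JsonDocument doc = JsonDocument.Parse(json))
            return doc.RootElement.Clone();
    }

    // Returns the problems found; an empty list means the checked claims look usable.
    public static List<string> Diagnose(string jwt)
    {
        JsonElement p = DecodePayload(jwt);
        var problems = new List<string>();
        if (!Array.Exists(IdentityClaims, c => p.TryGetProperty(c, out _)))
            problems.Add("no puid/altsecid/oid claim: check the service principal in this tenant");
        if (!p.TryGetProperty("aud", out JsonElement aud)
            || aud.ValueKind != JsonValueKind.String || aud.GetString() != ArmResource)
            problems.Add("aud differs from " + ArmResource);
        return problems;
    }

    // Builds an unsigned token from constructed claims so the example runs offline.
    static string FakeJwt(string payloadJson)
    {
        string Enc(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return Enc("{\"alg\":\"none\"}") + "." + Enc(payloadJson) + ".sig";
    }

    static void Main()
    {
        // Constructed payloads with placeholder values; never log a real token.
        string bad = FakeJwt("{\"aud\":\"https://management.azure.com/\",\"appid\":\"app-placeholder\"}");
        string ok = FakeJwt("{\"aud\":\"https://management.azure.com/\",\"oid\":\"object-placeholder\"}");
        Console.WriteLine("without oid: " + string.Join("; ", Diagnose(bad)));
        Console.WriteLine("with oid, problems: " + Diagnose(ok).Count);
    }
}
```

Pass the `_accessToken` value from the question to `Diagnose` in a debugging session; the report contains only claim names, so the token itself never reaches logs.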
Source: https://stackoverflow.com/questions/40498446/azure-invalid-accesstoken