如何通过AADvalidationAzure服务管理请求

我尝试了3种没有结果的方法:

  1. 根据这篇文章https://msdn.microsoft.com/en-us/library/azure/ee460782.aspx我在AAD注册了新的Web应用程序,具有访问Azure Service Management API的权限(步骤1-9)并编写建议的两行代码来获取令牌:
var context = new AuthenticationContext($"https://login.windows.net/{tenantId}"); var result = context.AcquireToken("https://management.core.windows.net/", clientId, new Uri(redirectUri)); 

,但它失败,但例外:

 Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException was unhandled Message: An unhandled exception of type 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' occurred in Microsoft.IdentityModel.Clients.ActiveDirectory.dll Additional information: AADSTS90014: The request body must contain the following parameter: 'client_secret or client_assertion'. Trace ID: aa2d6962-5aea-4f8e-bed4-9e83c7631887 Correlation ID: f7f1a61e-1720-4243-96fa-cff182150931 
  1. 我也尝试过:
  var context = new AuthenticationContext($"https://login.windows.net/{tenantId}"); var result = context.AcquireToken("https://management.core.windows.net/", new ClientCredential(clientId, clientSecret)); 

其中clientSecret是我的应用程序的秘密应用程序密钥。 此版本返回一个令牌,但使用此令牌的请求将返回403 Forbidden:服务器无法validation请求。 validation证书是否有效并与此订阅相关联

  1. 最后,我找到了http://blogs.msdn.com/b/cloud_solution_architect/archive/2015/03/02/authenticating-azure-service-management-api-with-azure-ad-user-credentials.aspx ,建议:
  var context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId)); // TODO: Replace with your Azure AD user credentials (ie admin@contoso.onmicrosoft.com) string user = "{YOUR-USERID]"; string pwd = "{YOUR-USER-PASSWORD}"; var userCred = new UserCredential(user, pwd); AuthenticationResult result = await context.AcquireTokenAsync("https://management.core.windows.net/", clientId, userCred); 

但它也失败了与第一种情况相同的例外……

你能帮帮我吗?

在Azure门户中创建应用程序时,应将“应用程序类型”更改为“NATIVE CLIENT APPLICATION”。