0

I have created an Azure AD native client application and have given delegated permissions to Azure Service Management API. Now, I'm able to invoke the service management API using my id from a Windows Phone 8.1 app using ADAL library. However, another user can't invoke operations on their subscription even though I add them as co-administrator in my directory. I get the token for the user but when I try to make an API call, I get 'Invalid token:A security token exception occurred for the JWT token'. Is there a way to allow another user to access details about his subscriptions using ADAL authentication from an AD app hosted in someone else's AD? I have searched for any related information for quite some time and I'd gladly take any help.

4

1 Answer

0

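Here is my interpretation of what you are doing.

You have a native application that is connected to your tenant and works fine accessing the Service Management API in your tenant/subscription.

You gave the application to a friend, and they are trying to use it to access the Service Management API in their tenant/subscription.

The suggestion in the comments above is correct, but you need to look at the steps for making a native application multi-tenant. That way, the AD service will know to look up the tenant for the authenticated user. Changing the URL to use "common" instead of the tenant ID is one of the required steps. Here are a couple of articles that can help with this transition. http://www.cloudidentity.com/blog/2013/04/09/walkthrough-3-developing-multi-tenant-web-applications-with-windows-azure-ad/

Here is a multi-tenant native client sample for a Windows Store app. I couldn't find one for a phone app in the repo. Hopefully this gets you on the right path. https://github.com/AzureADSamples/NativeClient-WebAPI-MultiTenant-WindowsStore

Answered 2015-04-16T02:15:05.773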
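A diagnostic for the situation discussed above, added here as an example and not taken from the original post or the linked samples: it decodes a token's claims to show which tenant issued it, comparing a tenant-specific authority with "common". The login host, the audience URI, the tenant GUIDs and all function names are assumptions or constructed values.

```python
import base64
import json

# Assumed resource URI of the Azure Service Management API (not stated on the page).
MGMT_AUDIENCE = "https://management.core.windows.net/"

def authority_url(tenant="common"):
    """Sign-in authority; 'common' lets Azure AD resolve the user's own tenant."""
    return "https://login.microsoftonline.com/" + tenant  # assumed login host

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, subscription_tenant, audience=MGMT_AUDIENCE):
    """Return mismatches between the token's claims and what the subscription expects."""
    claims = jwt_claims(token)
    problems = []
    if claims.get("tid") != subscription_tenant:
        problems.append("tid %s is not the subscription's tenant %s"
                        % (claims.get("tid"), subscription_tenant))
    if claims.get("aud") != audience:
        problems.append("aud %s does not match %s" % (claims.get("aud"), audience))
    return problems

def make_sample_token(tid):
    """Build an unsigned, constructed token for the demo (not a real Azure AD token)."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"tid": tid, "iss": "https://sts.windows.net/%s/" % tid, "aud": MGMT_AUDIENCE}
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg(claims), "constructed"])

# Constructed tenant IDs: the app owner's directory and the other user's directory.
APP_HOME_TENANT = "11111111-1111-1111-1111-111111111111"
USER_TENANT = "22222222-2222-2222-2222-222222222222"

if __name__ == "__main__":
    # Token obtained through the app owner's tenant-specific authority.
    print(authority_url(APP_HOME_TENANT), "->",
          diagnose(make_sample_token(APP_HOME_TENANT), USER_TENANT))
    # Token obtained through "common", issued by the user's own tenant.
    print(authority_url(), "->", diagnose(make_sample_token(USER_TENANT), USER_TENANT))
```

Decoding without signature verification is only suitable for inspecting claims while troubleshooting; it says nothing about whether the token is authentic.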