我正在尝试从互联网更改一个工作示例:
IAzure azure = Azure.Configure()
.Authenticate(credentials)
.WithSubscription(credentials.DefaultSubscriptionId)
像这样进入 Azure 设备身份验证:
AzureCredentials accessTokenCredentials = GetAzureAccessTokenCredentials(credentials,
AzureEndPointApi.Management,
environment);
IAzure az = Azure.Configure().Authenticate(accessTokenCredentials)
除非我需要像这样调用一些同时使用 Management API 和 Graph API 的函数,否则这仍然有效:
private static async Task<IServicePrincipal> AddAccountToRoles(IAzure azureManagement, IAzure azureGraph, IActiveDirectoryApplication activeDirectoryApp)
{
var role = azureGraph.AccessManagement.ServicePrincipals.Define($"{activeDirectoryApp.Name}-contributor")
.WithExistingApplication(activeDirectoryApp)
.WithNewRoleInSubscription(BuiltInRole.Contributor, azureGraph.SubscriptionId);
var result = await role.CreateAsync();
return result;
}
CreateAsync 根据 Fiddler 调用 Graph AP 和 Management API。所以我想它需要两个不同的访问令牌(每个服务一个),不是吗?
所以我把代码改成:
var restClient = RestClient
.Configure()
.WithBaseUri(AzureDelegatingHandler.GetBaseUri(environment, AzureEndPointApi.Management))
.WithEnvironment(environment)
.WithCredentials(GetAzureAccessTokenCredentials(credentials, AzureEndPointApi.Management, environment))
.WithBaseUri(AzureDelegatingHandler.GetBaseUri(environment, AzureEndPointApi.Graph))
.WithEnvironment(environment)
.WithCredentials(GetAzureAccessTokenCredentials(credentials, AzureEndPointApi.Graph, environment))
.Build();
IAzure azure = Azure
.Authenticate(restClient, credentials.TenantId)
.WithSubscription(credentials.DefaultSubscriptionId);
public static string GetBaseUri(AzureEnvironment environment, AzureEndPointApi azureEndPointApi)
{
switch (azureEndPointApi)
{
case AzureEndPointApi.Graph:
return environment.GraphEndpoint;
case AzureEndPointApi.Management:
return environment.ManagementEndpoint;
default:
throw new NotSupportedException(azureEndPointApi.ToString());
}
}
但是此代码提供了不正确的访问令牌 - 不是基于 REST API 端点基本 uri。
我错了什么?