我已按照 AD RMS 和 MIP SDK 教程进行操作,并使用 AD RMS、ADFS 设置了环境
以下是我的代码中的一些片段:
var engineSettings = new FileEngineSettings("internal\\sysadmin", authDelegate, "", "en-US");
engineSettings.Identity = new Identity("internal\\sysadmin");
engineSettings.ProtectionCloudEndpointBaseUrl = "https://adrms.server.com";
engineSettings.ProtectionOnlyEngine = true;
var fileEngine = Task.Run(async () => await fileProfile.AddEngineAsync(engineSettings)).Result;
...snip...
var fileHandlerResult = Task.Run(async () => await fileHandler.CommitAsync(protectedFilePath)).Result;
在 CommitAsync 行,用户被重定向到 ADFS 登录页面并登录 - 然后他们被重定向到“身份验证失败”页面,该页面显示:
Error details: error access_denied error_description: MSIS9622: Client authentication failed. Please verify the credential provided for client authentication is valid.
是否需要对 MIP SDK 示例进行其他更改才能使其与 ADFS 一起使用?这是我的 AuthDelegateImplementation 的一个片段
public string AcquireToken(Identity identity, string authority, string resource, string claims)
{
_app = PublicClientApplicationBuilder.Create(_appInfo.ApplicationId)
.WithAdfsAuthority("https://adfs.server.com/adfs/", false)
.WithRedirectUri("http://localhost:50069")
.Build();
var accounts = _app.GetAccountsAsync().GetAwaiter().GetResult();
// Append .default to the resource passed in to AcquireToken().
string[] scopes = { resource[^1].Equals('/') ? $"{resource}.default" : $"{resource}/.default" };
var result = _app.AcquireTokenInteractive(scopes)
.WithAccount(accounts.FirstOrDefault())
.WithPrompt(Prompt.SelectAccount)
.ExecuteAsync()
.ConfigureAwait(false)
.GetAwaiter()
.GetResult();
return result.AccessToken;
}