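I have tried following a process similar to the one described in this article - https://docs.microsoft.com/en-us/graph/auth-v2-user
1. First, I created an app using Azure AD app registration. For this app, I created a client secret (under Certificates & secrets).
2. Then go to Azure AD, the Authentication tab, and add a new platform configuration of type Web with the redirect URL https://localhost:5555/azuredemo. This is the return URL where you will receive the authorization code.
3. Next, go to API permissions, Add a permission, choose from "APIs my organization uses", and select Microsoft Cognitive Services. Select Delegated Permissions and add user_impersonations.
4. Create a sample HTML page to generate the authorization code request using the authorization URL.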
<!DOCTYPE html>
<html>
<head>
<title> Client Authorization page </title>
</head>
<body>
<!-- Sends the authorization code request to the tenant's v2.0 authorize endpoint -->
<form action="https://login.microsoftonline.com/{my-tenant-id}/oauth2/v2.0/authorize"
method="post">
Client ID: <input type="text" name="client_id" value="xxx"/> <br/>
Client Secret: <input type="text" name="client_secret" value="yyy"/> <br/>
Scope: <input type="text" name="scope"
value="https://cognitiveservices.azure.us/user_impersonation"/> <br/>
Response Type: <input type="text" name="response_type" value="code"/> <br/>
<!-- The OAuth 2.0 parameter name is redirect_uri -->
Redirect URL: <input type="text" name="redirect_uri"
value="https://localhost:5555/azuredemo"/> <br/>
<input type="submit" value="Authorize client"/> <br/>
</form>
</body>
</html>
The authorization code was returned.
Take this authorization code to get the access token:
https://login.microsoftonline.com/{my-tenant-id}/oauth2/v2.0/token
Using the returned access token generated in the previous get token response, I added it to the authorization header. However, I get the "Principal does not have access to API/Operation" error.
Here is the sample Postman request/response:
POST https://my-cs-resource.cognitiveservices.azure.com/text/analytics/v3.0/languages: {
"Network": {
"addresses": {
"local": {
"address": "masked",
"family": "IPv4",
"port": 51447
},
"remote": {
"address": "masked",
"family": "IPv4",
"port": 443
}
},
"tls": {
"reused": false,
"authorized": true,
"authorizationError": null,
"cipher": {
"name": "masked",
"standardName": "masked",
"version": "TLSv1/SSLv3"
},
"protocol": "TLSv1.2",
"ephemeralKeyInfo": {},
"peerCertificate": {
"subject": {
"country": "US",
"stateOrProvince": "WA",
"locality": "Redmond",
"organization": "Microsoft Corporation",
"commonName": ".cognitive.microsoft.com",
"alternativeNames": "DNS:.api.cognitive.microsoft.com, DNS:.cognitiveservices.azure.com, DNS:.dev.cognitive.microsoft.com, DNS:.cognitive.microsoft.com"
},
"issuer": {
"country": "US",
"organization": "Microsoft Corporation",
"commonName": "Microsoft Azure TLS Issuing CA 02"
},
"validFrom": "Jul 27 22:28:10 2021 GMT",
"validTo": "Jul 22 22:28:10 2022 GMT",
"fingerprint": "masked",
"serialNumber": "masked"
}
}
},
"Request Headers": {
"authorization": "Bearer <access token omitted>",
"content-type": "application/json",
"user-agent": "PostmanRuntime/7.28.4",
"accept": "*/*",
"postman-token": "a94ce59f-4de5-4b0c-8044-849c31a8aa0e",
"host": "my-cs-resource.cognitiveservices.azure.com",
"accept-encoding": "gzip, deflate, br",
"connection": "keep-alive",
"content-length": "92"
},
"Request Body": "{\"documents\": [{\"countryHint\": \"US\",\"id\": \"1\",\"text\": \"Hello world. How are you today!\"}]}\r\n",
"Response Headers": {
"content-length": "99",
"content-type": "application/json",
"apim-request-id": "xxxxxx",
"strict-transport-security": "max-age=31536000; includeSubDomains; preload",
"x-content-type-options": "nosniff",
"date": "Sun, 05 Sep 2021 05:16:40 GMT"
},
"Response Body": "{\"error\":{\"code\":\"PermissionDenied\",\"message\": \"Principal does not have access to API/Operation.\"}}"
}
I would appreciate your help in understanding why I get Permission denied on this Text Analytics language detection response. This works correctly if I use the API key instead of the access token returned via the delegated authorization code process.
Please help.
Thank you.
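The two requests of the authorization code flow described in the post, as an added example that is not part of the original post: it builds the authorize URL and the token request without sending them, keeps the client secret out of the browser-facing step, and adds a `state` value. The function names and the sample code value are assumptions; the endpoints, redirect URL and scope are the ones shown in the post.

```python
import secrets
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"  # host taken from the post


def build_authorize_url(tenant, client_id, redirect_uri, scope, state=None):
    """Step 1: URL the browser is sent to. No client secret belongs here."""
    state = state or secrets.token_urlsafe(16)  # anti-CSRF value, checked on return
    query = urllib.parse.urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}", state


def build_token_request(tenant, client_id, client_secret, code, redirect_uri, scope):
    """Step 2: server-side POST that redeems the code; the secret is sent only here."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,  # must match the value used in step 1
        "scope": scope,
    }).encode()
    return urllib.request.Request(
        f"{AUTHORITY}/{tenant}/oauth2/v2.0/token",
        data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


if __name__ == "__main__":
    # Placeholder values as masked in the post; tenant and code are constructed.
    tenant, cid, secret = "constructed-tenant-id", "xxx", "yyy"
    redirect = "https://localhost:5555/azuredemo"
    scope = "https://cognitiveservices.azure.us/user_impersonation"
    url, state = build_authorize_url(tenant, cid, redirect, scope)
    print(url)
    req = build_token_request(tenant, cid, secret, "constructed-code", redirect, scope)
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would send it; the JSON reply carries access_token.
```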