试图为所有租户的用户获取所有 azure 订阅相关联,我正在使用从 GitHub 获得的 azure 示例解决方案,但该解决方案无法获取所有订阅。 示例解决方案链接。循环遍历每个租户时,调用 Azure 资源管理列表订阅 API后出现错误
以下尝试代码阻止了索赔中除租户以外的所有租户的异常
静默获取令牌失败。调用方法 AcquireToken
string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
并且在调用 authContext.AcquireToken 而不是 authContext.AcquireTokenSilent 的 catch 块中处理异常
public static List<Subscription> GetUserSubscriptions(string organizationId)
{
List<Subscription> subscriptions = null;
//string tenantId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string signedInUserUniqueName = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value.Split('#')[ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value.Split('#').Length - 1];
try
{
// Aquire Access Token to call Azure Resource Manager
ClientCredential credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientID"],
ConfigurationManager.AppSettings["ida:Password"]);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's EF DB
AuthenticationContext authContext = new AuthenticationContext(
string.Format(ConfigurationManager.AppSettings["ida:Authority"], organizationId),
new ADALTokenCache(signedInUserUniqueName));
AuthenticationResult result =
authContext.AcquireTokenSilent(
ConfigurationManager.AppSettings["ida:AzureResourceManagerIdentifier"], credential,
new UserIdentifier(signedInUserUniqueName, UserIdentifierType.RequiredDisplayableId));
subscriptions = new List<Subscription>();
// Get subscriptions to which the user has some kind of access
string requestUrl = string.Format("{0}/subscriptions?api-version={1}",
ConfigurationManager.AppSettings["ida:AzureResourceManagerUrl"],
ConfigurationManager.AppSettings["ida:AzureResourceManagerAPIVersion"]);
// Make the GET request
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = client.SendAsync(request).Result;
if (response.IsSuccessStatusCode)
{
string responseContent = response.Content.ReadAsStringAsync().Result;
dynamic subscriptionsResult = (Json.Decode(responseContent)).value;
foreach (dynamic subscription in subscriptionsResult)
{
subscriptions.Add(new Subscription()
{
Id = subscription.subscriptionId,
DisplayName = subscription.displayName,
OrganizationId = organizationId
});
}
}
}
下面的 catch 块能够在动态更改租户 ID(组织 ID)后获取令牌,但在将令牌与 REST API 一起使用时出现以下错误
{"error":{"code":"InvalidAuthenticationToken","message":"收到的访问令牌无效:至少应存在声明“puid”或“altsecid”或“oid”之一。如果您正在作为应用程序访问,请确保在租户中正确创建了服务主体。"}}
catch (AdalException ex)
{
if (ex.ErrorCode == "failed_to_acquire_token_silently")
{
ClientCredential credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientID"],
ConfigurationManager.AppSettings["ida:Password"]);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's EF DB
AuthenticationContext authContext = new AuthenticationContext(
string.Format(ConfigurationManager.AppSettings["ida:Authority"], organizationId), new ADALTokenCache(signedInUserUniqueName));
//List<TokenCacheItem> items = authContext.TokenCache.ReadItems().ToList();
string resource = ConfigurationManager.AppSettings["ida:AzureResourceManagerIdentifier"];
AuthenticationResult result = authContext.AcquireToken(resource, credential);
subscriptions = new List<Subscription>();
// Get subscriptions to which the user has some kind of access
string requestUrl = string.Format("{0}/subscriptions?api-version={1}", ConfigurationManager.AppSettings["ida:AzureResourceManagerUrl"],
ConfigurationManager.AppSettings["ida:AzureResourceManagerAPIVersion"]);
// Make the GET request
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = client.SendAsync(request).Result;
if (response.IsSuccessStatusCode)
{
string responseContent = response.Content.ReadAsStringAsync().Result;
var subscriptionsResult = (Json.Decode(responseContent)).value;
foreach (var subscription in subscriptionsResult)
subscriptions.Add(new Subscription()
{
Id = subscription.subscriptionId,
DisplayName = subscription.displayName,
OrganizationId = organizationId
});
}
else
{
string errMessage = response.Content.ReadAsStringAsync().Result;
}
}
}
return subscriptions;
}```