问题描述

这个想法是让它像 Azure Powershell 一样工作，即弹出标准的 Active Directory 身份验证对话框，我输入我的凭据，AzureAD 完成它的工作，然后控制台应用程序无法访问某个 Web 服务.

The idea is to make it work like Azure Powershell, i.e. the standard Active Directory authentication dialog pops up, I enter my credentials, AzureAD does its thing and then the console application cann access a certain webservice.

这可能吗?应该没那么难，但我找不到例子.

Is this possible? It shouldn't be that hard but I could find no example.

查看 WPF 示例，我看到它在 app.config 中设置了一个客户端 ID.这真的有必要吗?我的意思是，单页 js 应用也没有向 AD 注册，是吗?

Looking at the WPF example, I see it sets a client id in the app.config. Is this really necessary? I mean, a single page js app isn't registered with the AD either, is it?

推荐答案

事实上，任何客户端应用程序都应该在 AAD 中注册.

In fact, any client application should be regsitered in AAD.

控制台应用程序也必须在 Azure AD 中注册，因此您将拥有客户端 ID 和客户端重定向 URL，但没有客户端密码.那么下面的代码应该可以工作了:

Console app must be registered in Azure AD too, so you'll have client id and client redirect url, but no client secret. Then the following code should work:

void Main()
{
    var clientId = "client-GUID";
    var clientUrl = new Uri("redirect-url");  //can be anything starting with localhost
    var tenant = "name of your AAD tenant";
    string authority = "https://login.windows.net/" + tenant;

    string resource = "https://outlook.office365.com";  ///put id or url of resource you're accessing

    AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);

    Console.WriteLine("Trying to acquire token");

    var pp = new PlatformParameters(PromptBehavior.Auto); //this brings web prompt
    var token = authenticationContext.AcquireTokenAsync(resource, clientId, clientUrl, pp, UserIdentifier.AnyUser).Result;
    Console.WriteLine("Got the token: {0}", token.AccessToken);
}

这篇关于是否可以将 AzureAD 身份验证与控制台应用程序一起使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！