Tej*_*jas 6 c# azure azure-billing-api
我使用Azure REST API来获取结算使用率和价目表详细信息.要使用AcquireToken()方法获取令牌,最初我只使用客户端ID,然后在登录窗口中询问用户凭据.
但是,我正在寻找非交互式方法,因此我使用了Client Credentials,其中我传递了Client Id和Client Secret Key.
但它给出了"远程服务器返回错误401未经授权"
当我深入研究错误时,我发现它给出了错误"访问令牌来自错误的受众或资源"
请给我任何解决方案,我可以在没有任何用户交互的情况下访问API.
提前致谢.
这是我的代码:
{
string token = GetOAuthTokenFromAAD();
string requestURL = String.Format("{0}/{1}/{2}/{3}",
ConfigurationManager.AppSettings["ARMBillingServiceURL"],
"subscriptions",
ConfigurationManager.AppSettings["SubscriptionID"],
"providers/Microsoft.Commerce/RateCard?api-version=2015-06-01-preview&$filter=OfferDurableId eq 'MS-AZR-*****' and Currency eq 'INR' and Locale eq 'en-IN' and RegionInfo eq 'IN'");
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(requestURL);
request.Headers.Add(HttpRequestHeader.Authorization, "Bearer " + token);
request.ContentType = "application/json";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Console.WriteLine(String.Format("RateCard service response status: {0}", response.StatusDescription));
}
public static string GetOAuthTokenFromAAD()
{
AuthenticationContext authenticationContext = new AuthenticationContext(string.Format("{0}/{1}",ConfigurationManager.AppSettings["ADALServiceURL"], ConfigurationManager.AppSettings["TenantDomain"]));
AuthenticationResult result = null;
ClientCredential uc = new ClientCredential(Client_Id, Secret_Key);
try
{
result = authenticationContext.AcquireToken("https://management.core.windows.net/", uc);
}
return result.AccessToken;
}
//App Config File
<add key="ADALServiceURL" value="https://login.microsoftonline.com" />
<add key="ADALRedirectURL" value="http://*****-authentication.cloudapp.net" />
<add key="ARMBillingServiceURL" value="https://management.core.windows.net" />
<add key="TenantDomain" value="********.onmicrosoft.com" />
<add key="SubscriptionID" value="*******-****-****-****-********" />
<add key="ClientId" value="*******-****-****-****-********" />
更新:我还提供了这些方法作为可重用的身份验证助手类库。您可以在此链接中找到相同内容: Azure 身份验证 - 验证应用程序中的任何 Azure API 请求
方法 1:要以非交互方式使用密码方法,您需要首先遵循以下帖子的“使用密码进行身份验证 - PowerShell”部分: 使用 ARM 验证服务主体
然后使用下面的代码片段来获取令牌。
var authenticationContext = new AuthenticationContext(String.Format("{0}/{1}",
ConfigurationManager.AppSettings["ADALServiceURL"],
ConfigurationManager.AppSettings["TenantDomain"]));
var credential = new ClientCredential(clientId: "11a11111-11a1-111a-a111-1afeda2bca1a", clientSecret: "passwordhere");
var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential);
if (result == null)
{
throw new InvalidOperationException("Failed to obtain the JWT token");
}
string token = result.AccessToken;
return token;
或者(方法2),您也可以使用证书方法。在这种情况下,请使用与上面相同的链接,但请遵循该链接中的“使用证书进行身份验证 - PowerShell”部分。然后使用以下代码片段以非交互方式获取令牌:
var subscriptionId = "1a11aa11-5c9b-4c94-b875-b7b55af5d316";
string tenant = "1a11111a-5713-4b00-a1c3-88da50be3ace";
string clientId = "aa11a111-1050-4892-a2d8-4747441be14d";
var authContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenant));
X509Certificate2 cert = null;
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
string certName = "MyCert01";
try
{
store.Open(OpenFlags.ReadOnly);
var certCollection = store.Certificates;
var certs = certCollection.Find(X509FindType.FindBySubjectName, certName, false);
//var certs = certCollection.Find(X509FindType.FindBySerialNumber, "E144928868B609D35F72", false);
if (certs == null || certs.Count <= 0)
{
throw new Exception("Certificate " + certName + " not found.");
}
cert = certs[0];
}
finally
{
store.Close();
}
var certCred = new ClientAssertionCertificate(clientId, cert);
var token = authContext.AcquireToken("https://management.core.windows.net/", certCred);
var creds = new TokenCloudCredentials(subscriptionId, token.AccessToken);
//var client = new ResourceManagementClient(creds);
return token.AccessToken;