我无法获得基于令牌的数据库身份验证.使用Active Directory密码连接有效,但在与令牌连接时,我收到以下错误:

用户'NT AUTHORITY\ANONYMOUS LOGON'登录失败.

此问题已在Stack Overflow和此处的MSDN 上进行了讨论,但没有可用的解决方案.这篇博客文章表明用户权限有问题,但它相当含糊.

组态

使用以下方法获取令牌成功:

static async Task<string> GetAccessToken()
{
    var certificateSDN = "redacted";
    var tenantId = "redacted";
    var clientId = "redacted";
    var resource = "https://database.windows.net";

    X509Certificate2 certificate;
    using (var certificateStore = new X509Store(StoreName.My, StoreLocation.CurrentUser))
    {
        certificateStore.Open(OpenFlags.ReadOnly);
        certificate = certificateStore.Certificates
            .Find(X509FindType.FindBySubjectDistinguishedName, certificateSDN, false)
            [0];
    }

    var authenticationContext = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
    var clientAssertionCertificate = new ClientAssertionCertificate(clientId, certificate);
    var authenticationResult = await authenticationContext.AcquireTokenAsync(resource, clientAssertionCertificate);

    return authenticationResult.AccessToken;
}

连接到数据库的方式如下:

var connectionStringBuilder = …