성태의 닷넷 이야기
홈 주인
모아 놓은 자료
프로그래밍
질문/답변
사용자 관리
사용자
메뉴
아티클
외부 아티클
유용한 코드
온라인 기능
MathJax 입력기
최근 덧글
[정성태] Roll A Lisp In C - Reading ; https...
[정성태] Java - How to use the Foreign Funct...
[정성태] 제가 큰 실수를 했군요. ^^; Delegate를 통한 Bein...
[정성태] Working with Rust Libraries from C#...
[정성태] Detecting blocking calls using asyn...
[정성태] 아쉽게도, 커뮤니티는 아니고 개인 블로그입니다. ^^
[정성태] 질문이 잘 이해가 안 됩니다. 우선, 해당 소스코드에서 ILis...
[양승조
] var대신 dinamic으로 선언해서 해결은 했습니다. 맞는 해...
[양승조
] 또 막혔습니다. ㅠㅠ var list = props[i].Ge...
[양승조
] 아. 감사합니다. 어제는 안됐던것 같은데....정신을 차려야겠네...
글쓰기
제목
이름
암호
전자우편
HTML
홈페이지
유형
제니퍼 .NET
닷넷
COM 개체 관련
스크립트
VC++
VS.NET IDE
Windows
Team Foundation Server
디버깅 기술
오류 유형
개발 환경 구성
웹
기타
Linux
Java
DDK
Math
Phone
Graphics
사물인터넷
부모글 보이기/감추기
내용
<div style='display: inline'> <h1 style='font-family: Malgun Gothic, Consolas; font-size: 20pt; color: #006699; text-align: center; font-weight: bold'>Azure Active Directory - Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).</h1> <p> 다음의 코드를 테스트할 때,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > // MICROSOFT GRAPH – HOW TO IMPLEMENT IAUTHENTICATIONPROVIDER // ; <a target='tab' href='https://adrianszen.com/2019/06/16/microsoft-graph-how-to-implement-iauthenticationprovider/'>https://adrianszen.com/2019/06/16/microsoft-graph-how-to-implement-iauthenticationprovider/</a> public async Task AuthenticateRequestAsync(HttpRequestMessage request) { var clientApplication = ConfidentialClientApplicationBuilder.Create(this.clientId) .WithClientSecret(this.clientSecret) .WithTenantId(this.tenantId) .Build(); // Client credential flows - Client credential flows in MSAL.NET // <a target='tab' href='https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Client-credential-flows'>https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Client-credential-flows</a> var result = await clientApplication.AcquireTokenForClient(this.appScopes).ExecuteAsync(); if (request.Headers.Contains("Authorization") == false) { request.Headers.Add("Authorization", result.CreateAuthorizationHeader()); } } </pre> <br /> this.appScope을 "new string [] {}"로 주면 이렇게 오류가 발생합니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > Microsoft.Identity.Client.MsalClientException HResult=0x80131500 Message=At least one scope needs to be requested for this authentication flow. Source=Microsoft.Identity.Client StackTrace: at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<ExecuteAsync>d__2.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/ExceptionServices/ExceptionDispatchInfo.cs:line 56 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/TaskAwaiter.cs:line 173 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/TaskAwaiter.cs:line 150 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult() in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/TaskAwaiter.cs:line 551 at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext() This exception was originally thrown at this call stack: [External Code] System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in ExceptionDispatchInfo.cs System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) in TaskAwaiter.cs System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) in TaskAwaiter.cs System.Runtime.CompilerServices.ConfiguredTaskAwaitable<TResult>.ConfiguredTaskAwaiter.GetResult() in TaskAwaiter.cs [External Code] </pre> <br /> 혹은 "new string [] { "User.read" }"와 같은 값을 넘기면 이렇게 오류가 발생합니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > Microsoft.Identity.Client.MsalServiceException HResult=0x80131500 Message=<span style='color: blue; font-weight: bold'>AADSTS1002012: The provided value for scope User.Read is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).</span> Trace ID: ...[생략]... Correlation ID: ...[생략]... Timestamp: ...[생략]... Source=Microsoft.Identity.Client StackTrace: at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext) at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext) at Microsoft.Identity.Client.OAuth2.OAuth2Client.<ExecuteRequestAsync>d__11`1.MoveNext() at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/ExceptionServices/ExceptionDispatchInfo.cs:line 56 at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/TaskAwaiter.cs:line 173 at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/TaskAwaiter.cs:line 150 at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult() in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/CompilerServices/TaskAwaiter.cs:line 551 at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__10.MoveNext() This exception was originally thrown at this call stack: [External Code] System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() in ExceptionDispatchInfo.cs System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) in TaskAwaiter.cs System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) in TaskAwaiter.cs System.Runtime.CompilerServices.ConfiguredTaskAwaitable<TResult>.ConfiguredTaskAwaiter.GetResult() in TaskAwaiter.cs [External Code] </pre> <br /> "./default"로 끝나는 식별자를 넣어야 한다고 나오는데, 다행히 메시지에 "application ID URI" 값이라고 알려주고 있습니다. 이 값은 Azure Active Directory에 등록한 "App"의 client_id 값이 붙어 다음과 같은 형식을 띄는데요,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > [예를 들어, app의 client_id 값이 "30dabf24-4603-4dbe-bf29-e09a89c9be72"인 경우] api://30dabf24-4603-4dbe-bf29-e09a89c9be72 </pre> <br /> 하지만 (App의 client_id 값은 설정 화면에서 구할 수 있기 때문에) 그냥 저대로 구성한다고 해서 되는 것은 아닙니다. 이에 대해서는 지난 글에서 다뤘는데요,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > Azure Active Directory - The resource principal named api://...[client_id]... was not found in the tenant ; <a target='tab' href='https://www.sysnet.pe.kr/2/0/12737'>https://www.sysnet.pe.kr/2/0/12737</a> </pre> <br /> 따라서, 명시적으로 "Expose an API"의 "Application ID URI" 우측에 있는 "Set" 버튼을 눌러 활성화시켜야 합니다. 이후 scope의 인자 값을 다음과 같이 구성해서 전달하면 됩니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > var scopes = new string[] { "api://30dabf24-4603-4dbe-bf29-e09a89c9be72/.default" }; </pre> </p><br /> <br /><hr /><span style='color: Maroon'>[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]</span> </div>
첨부파일
스팸 방지용 인증 번호
8548
(왼쪽의 숫자를 입력해야 합니다.)