c# - Active Directory Authentication Exception (AADSTS90027) with Azure AD -


i have native client application obtaining oauth2 token active directory authorization. use token communicate secure web api server areas of api secured using [authorize] attribute. server registered azure ad , can authorize requests through ad.

when try token, following exception on line 2 of code below:

additional information: invalid_request: aadsts90027: client '<client guid>' , resource 'https://abccompany.com/myapplication.server' identify same application.

here code running in native client (just on button press test, now). guid , company names have been obfuscated.

authenticationcontext ac = new authenticationcontext("https://login.windows.net/abccompany.com"); authenticationresult ar = ac.acquiretoken("https://abccompany.com/myapplication.server", "<client guid>", new uri("https://localhost:44300/secure"), promptbehavior.auto);

i made sure redirect existed in azure in application configuration (otherwise there have been redirect error instead). error mean?

you seem using clientid of webapi need supply clientid of client app. please register separate 'native client application' in azure ad representing client app.

the following topic explains protocol flow , how register webapis in azure ad such users multiple ad tenants can use api: http://msdn.microsoft.com/en-us/library/azure/dn499820.aspx#bkmk_native following samples should see through:

hope helps.

ps: azure ad doesn't issue token when client , resource same application. in case should indeed different , resource clientid (issued confidential client) should not used public client - service service scenarios, can argued issuing tokens self should allowed - looking into.


Comments

Post a Comment

Popular posts from this blog

javascript - RequestAnimationFrame not working when exiting fullscreen switching space on Safari -

request animation frame stops working when exiting fullscreen clicking on original space's safari window. fine if fullscreen mode canceled escape key or calling cancelfullscreen(). steps reproduce: open https://dl.dropboxusercontent.com/u/769042/prezi/safari-fullscreen.html click "draw raf", kittie appears click "fullscreen", go fullscreen click "draw raf", kittie appears go space original safari was, showing "click exit fullscreen mode", click anywhere, out fullscreen click "draw raf", nothing happens what handling click calling: window.requestanimationframe(draw); which draws on canvas context: function draw() { ctx.drawimage(img, math.random()*500|0, math.random()*400|0, 100, 100); } i checked .hidden , .visibilitystate, updated correctly. tested on osx 10.9.3, safari 7.0.4 (9537.76.4). has workaround/solution other switching old settimeout? this sounds webkit bug 88940 : using reque
Read more

Python ctypes access violation with const pointer arguments -

i have api i'm trying wrap in python (2.7.6 on win7) code using ctypes. here's api: client_dllfunc bool clientapi search_exporttoclipcopy(clienthsearch handle, int channel, lpctstr filename, const time_t& from, const time_t& to, const bool* cameras, int length, bool usepassword, lpctstr password, bool includetextin = false, bool excludeplayer = false); the issue i'm having cameras argument; , i've had issue other const pointer arguments well. here's how i'm wrapping api: def search_exporttoclipcopy(self, hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, password, includetextin=true, excludeplayer=false): exporttoclipcopy = self.sdkdll.search_exporttoclipcopy exporttoclipcopy.argtypes = [c_int, c_int, c_wchar_p, c_long, c_long, pointer(c_bool), c_int, c_bool, c_wchar_p, c_bool, c_bool] exporttoclipcopy.restype = c_bool exporttoclipcopy(hsearch, csearch, filename, tfrom, tto, cameras, length, usepassword, pass
Read more