Can ADAL be used with Azure AD (Connect) Passthrough Authentication for Integrated Auth?

When calling AcquireToken I get an error that silent authentication cannot be used for managed users.

I have the following code that reproduces the error:

    $nugetPackages = "$env:TEMP\packages"
    $clientVersion = '3.14.2'
    $libPath = Join-Path $nugetPackages "Microsoft.IdentityModel.Clients.ActiveDirectory.$clientVersion\lib"

    if (!(Test-Path $libPath)) {
        Write-Host "Installing Microsoft.IdentityModel.Clients.ActiveDirectory module"
        Install-Package -Name 'Microsoft.IdentityModel.Clients.ActiveDirectory' -RequiredVersion $clientVersion -ProviderName NuGet -Destination $nugetPackages -Source http://www.nuget.org/api/v2/ -Force | Out-Null
    }

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $tenantName = [string]::Join('.', ([System.DirectoryServices.AccountManagement.UserPrincipal]::Current.DistinguishedName.Split(',') |? { $_.Split('=')[0] -eq 'dc' } |% { $_.Split('=')[1] }))
    $authority = "https://login.windows.net/$tenantName"
    $resourceAppIdUri = "https://management.core.windows.net/"
    $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # common app id
    Get-ChildItem $libPath -Filter net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll |% { [System.Reflection.Assembly]::LoadFrom($_.FullName) | Out-Null }

    try {
        $creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $env:USERNAME@$tenantName
        $creds.UserAuthType
        $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
        $task = $authContext.AcquireTokenAsync($resourceAppIdUri, $clientId, $creds)
        $task.Wait()
        $authResult = $task.Result
        $authResult
        return $authResult.AccessToken
    }
    catch {
        throw $_.Exception.ToString()
    }

It produces the error:

    Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: password_required_for_managed_user: Password is required for managed user

This error means you didn't provide a password to the method. If you want to use the Resource Owner Password Credentials flow to acquire an access token, you should provide both the username and password via the UserPasswordCredential class.

Here is a code sample that works for me:

    $nugetPackages = "$env:TEMP\packages"
    $clientVersion = '3.14.2'
    $libPath = Join-Path $nugetPackages "Microsoft.IdentityModel.Clients.ActiveDirectory.$clientVersion\lib"

    if (!(Test-Path $libPath)) {
        Write-Host "Installing Microsoft.IdentityModel.Clients.ActiveDirectory module"
        Install-Package -Name 'Microsoft.IdentityModel.Clients.ActiveDirectory' -RequiredVersion $clientVersion -ProviderName NuGet -Destination $nugetPackages -Source http://www.nuget.org/api/v2/ -Force | Out-Null
    }

    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $tenantName = [string]::Join('.', ([System.DirectoryServices.AccountManagement.UserPrincipal]::Current.DistinguishedName.Split(',') |? { $_.Split('=')[0] -eq 'dc' } |% { $_.Split('=')[1] }))
    $authority = "https://login.windows.net/$tenantName"
    $resourceAppIdUri = "https://management.core.windows.net/"
    $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # common app id
    Get-ChildItem $libPath -Filter net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll |% { [System.Reflection.Assembly]::LoadFrom($_.FullName) | Out-Null }

    try {
        $creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential" -ArgumentList '{username}', '{password}'
        #$creds.UserAuthType
        $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
        $task = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync($authContext, $resourceAppIdUri, $clientId, $creds)
        #$task = $authContext.AcquireTokenAsync($resourceAppIdUri, $clientId, $creds)
        $task.Wait()
        $authResult = $task.Result
        $authResult
        return $authResult.AccessToken
    }
    catch {
        throw $_.Exception.ToString()
    }
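
A variant of the answer's call that keeps the password out of the script, as an added example that is not part of the original answer: it takes a PSCredential (for instance from Get-Credential), hands its SecureString to UserPasswordCredential, and reports the ADAL error code on failure. It assumes the ADAL 3.x assembly is already loaded and that $authority, $resourceAppIdUri and $clientId are set as in the answer; the function name Get-AdalTokenWithPassword is hypothetical.

```powershell
# Added example. Assumes the ADAL 3.x assembly has been loaded as in the answer above.
function Get-AdalTokenWithPassword {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Authority,
        [Parameter(Mandatory)] [string] $ResourceAppIdUri,
        [Parameter(Mandatory)] [string] $ClientId,
        # Collected at run time, so no password literal lives in the script.
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # PSCredential.Password is a SecureString; UserPasswordCredential accepts it directly.
    $userCred = New-Object 'Microsoft.IdentityModel.Clients.ActiveDirectory.UserPasswordCredential' `
        -ArgumentList $Credential.UserName, $Credential.Password
    $authContext = New-Object 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' `
        -ArgumentList $Authority

    try {
        $task = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContextIntegratedAuthExtensions]::AcquireTokenAsync(
            $authContext, $ResourceAppIdUri, $ClientId, $userCred)
        # GetResult() rethrows the original exception instead of an AggregateException.
        $result = $task.GetAwaiter().GetResult()
    }
    catch {
        # PowerShell wraps .NET exceptions; walk down to the AdalException if there is one.
        $ex = $_.Exception
        while ($ex.InnerException -and
               $ex -isnot [Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException]) {
            $ex = $ex.InnerException
        }
        if ($ex -is [Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException]) {
            # ErrorCode is the short identifier, e.g. password_required_for_managed_user.
            throw "ADAL error '$($ex.ErrorCode)': $($ex.Message)"
        }
        throw
    }

    # Return only what the caller needs; the full result object is not echoed to the console.
    [pscustomobject]@{
        AccessToken = $result.AccessToken
        ExpiresOn   = $result.ExpiresOn
    }
}

$token = Get-AdalTokenWithPassword -Authority $authority -ResourceAppIdUri $resourceAppIdUri `
    -ClientId $clientId -Credential (Get-Credential)
```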