Kopīgot, izmantojot


Access Azure Sphere Public API with your AAD user identity

Important

This is the Azure Sphere (Legacy) documentation. Azure Sphere (Legacy) is retiring on 27 September 2027, and users must migrate to Azure Sphere (Integrated) by this time. Use the Version selector located above the TOC to view the Azure Sphere (Integrated) documentation.

You can use this authentication method if you need to implement a Web application or a console application that users in the customer's Azure Active Directory (AAD) tenant can access.

Client application registrations are Azure Active Directory representations of applications that can be used to authenticate and obtain tokens. A service client is intended to be used by an application to obtain an access token without interactive authentication of a user. It will have certain application permissions and use an application secret (password) when obtaining access tokens.

Prerequisites

Step 1: Register the client application

  1. In the Azure portal, on the left navigation pane, click Azure Active Directory.
  2. In the Azure Active Directory blade, click App registrations.
  3. Click New registration.
  4. Give the application a display name.

Step 2: Setup authentication

  1. In the Azure portal, on the left navigation pane, click Azure Active Directory.
  2. In App registrations, select your app, and then select Authentication.
  3. Set up the application as per the requirements of your application.

Step 3: Add API permissions

  1. Select API permissions and click Add a permission.
  2. Under APIs my organization uses, search for Azure Sphere Public API. The application ID for the Azure Sphere Public API is 7c209960-a417-423c-b2e3-9251907e63fe.
  3. Select Azure Sphere Public.
  4. Select azuresphere.readwrite and click Add Permissions.

Step 4: Configure your application

    IPublicClientApplication publicClientApplication =
    PublicClientApplicationBuilder.Create("<<App registration Client ID>>")
                    .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
                    .WithAuthority(AzureCloudInstance.AzurePublic, "<<3rd Party Tenant Id>>")
                    .Build();
    string[] scopes = new[] { "https://firstparty.sphere.azure.net/api/azuresphere.readwrite" };
    AuthenticationResult result = await publicClientApplication.AcquireTokenInteractive(scopes).ExecuteAsync();
    string accessToken=result.AccessToken;