我已经学习了AD RMS和MIP SDK教程,并使用AD RMS、ADFS 设置了一个环境
以下是我的代码中的一些片段:
var engineSettings = new FileEngineSettings("internal\sysadmin", authDelegate, "", "en-US");
engineSettings.Identity = new Identity("internal\sysadmin");
engineSettings.ProtectionCloudEndpointBaseUrl = "https://adrms.server.com";
engineSettings.ProtectionOnlyEngine = true;
var fileEngine = Task.Run(async () => await fileProfile.AddEngineAsync(engineSettings)).Result;
...snip...
var fileHandlerResult = Task.Run(async () => await fileHandler.CommitAsync(protectedFilePath)).Result;
在CommitAnc行,用户被重定向到ADFS登录页面,然后他们登录-然后他们被重定向到";验证失败";页面上写着:
Error details: error access_denied error_description: MSIS9622: Client authentication failed. Please verify the credential provided for client authentication is valid.
是否需要对MIP SDK样本进行其他更改,以使其与ADFS一起工作?以下是我的AuthDelegateImplementation 中的一个片段
public string AcquireToken(Identity identity, string authority, string resource, string claims)
{
_app = PublicClientApplicationBuilder.Create(_appInfo.ApplicationId)
.WithAdfsAuthority("https://adfs.server.com/adfs/", false)
.WithRedirectUri("http://localhost:50069")
.Build();
var accounts = _app.GetAccountsAsync().GetAwaiter().GetResult();
// Append .default to the resource passed in to AcquireToken().
string[] scopes = { resource[^1].Equals('/') ? $"{resource}.default" : $"{resource}/.default" };
var result = _app.AcquireTokenInteractive(scopes)
.WithAccount(accounts.FirstOrDefault())
.WithPrompt(Prompt.SelectAccount)
.ExecuteAsync()
.ConfigureAwait(false)
.GetAwaiter()
.GetResult();
return result.AccessToken;
}
我检查了我的AD FS事件查看器日志,发现用户没有访问api.rms.rest.com依赖方信任的权限-通过编辑访问控制策略以允许所有人来修复。