我正在使用ASP.NET MVC5 Web应用程序进行工作,该应用程序使用Azure ADAL库对用户进行身份验证,但是工作正常,但是,当我手动向图形发送请求时,例如:GET https://graph.microsoft.com/v1.0 / me或GET https://graph.microsoft.com/v1.0/groups?$ filter = from / displayName eq'whatever'。
我尝试更新Azure中的应用程序注册以添加所需的Graph权限,并且我也尝试创建新的应用程序注册,无论我做什么,我的请求将始终响应401未经授权,我缺少什么吗?
编辑:来自邮递员的示例响应
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "a142576b-acce-4e59-8a8d-adede61aaf59",
"date": "2017-04-05T13:27:36"
}
}
}
编辑:C#请求示例
public async Task<GroupGraph> GetGroupIdByDisplayName(string displayName)
{
var accessToken = await authenticationService.GetTokenUserOnly();
GroupGraph groupGraphResponse = null;
using (var client = new HttpClient())
{
using (var request = new HttpRequestMessage(HttpMethod.Get, $"https://graph.microsoft.com/v1.0/groups?$filter=from/displayName eq '{displayName}'"))
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using (var response = client.SendAsync(request).Result)
{
if (response.IsSuccessStatusCode)
{
using (var content = response.Content)
{
var result = await content.ReadAsStringAsync();
groupGraphResponse = JsonConvert.DeserializeObject<GroupGraph>(result);
}
}
}
}
}
return groupGraphResponse;
}
编辑:我获取令牌的方式
public async Task<string> GetTokenUserOnly()
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc)
ClientCredential clientcred = new ClientCredential(clientId, appKey);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance + tenantID, new TableTokenCache(signedInUserID));
//AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(graphResourceID, clientcred, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(graphResourceID, clientcred);
return authenticationResult.AccessToken;
}
您不能使用ADAL获取图形标记。microsoft .com。ADAL用于图形。Windows .net。
为了获取图形库(graph.windows.com)的令牌,请查看Nuget包Microsoft.Graph。Microsoft还提供了一些有关如何使用Graph提取用户信息的文档。
但是请注意,并排使用图形库和ADAL库会导致一些奇怪的副作用,例如清除凭据缓存。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句