Asp.net core 使用AcquireTokenSilent刷新访问\u令牌
我有一个asp.netcore MVC应用程序,它将访问令牌传递给下游API 经过一番努力,我终于想出了如何使用MSAL.Net获取access_令牌的方法。但是访问令牌每小时过期一次,所以我必须刷新它。所以我使用AcquireTokenSilent,它接受account作为参数 My Startup.csAsp.net core 使用AcquireTokenSilent刷新访问\u令牌,asp.net-core,oauth-2.0,azure-active-directory,Asp.net Core,Oauth 2.0,Azure Active Directory,我有一个asp.netcore MVC应用程序,它将访问令牌传递给下游API 经过一番努力,我终于想出了如何使用MSAL.Net获取access_令牌的方法。但是访问令牌每小时过期一次,所以我必须刷新它。所以我使用AcquireTokenSilent,它接受account作为参数 My Startup.cs public void配置服务(IServiceCollection服务) { 配置(选项=> { options.checkApprovered=context=>true; option
public void配置服务(IServiceCollection服务)
{
配置(选项=>
{
options.checkApprovered=context=>true;
options.MinimumSameSitePolicy=SameSiteMode.None;
});
services.AddAuthentication(选项=>
{
options.DefaultAuthenticateScheme=CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme=OpenIdConnectDefaults.AuthenticationScheme;
options.defaultsignnscheme=CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddCookie(选项=>
{
options.Events=新建CookieAuthenticationEvents()
{
OnValidatePrincipal=OnValidatePrincipal
};
})
.AddOpenIdConnect(选项=>
{
选项。权限=”https://login.microsoftonline.com/{tenantId}/v2.0”;
options.ClientId=配置[“AzureAD:ClientId”];
options.ClientSecret=配置[“AzureAD:ClientSecret”];
options.CallbackPath=配置[“AzureAD:CallbackPath”];
options.ResponseType=“代码id\U令牌”;
options.Scope.Add(“openid”);
选项。范围。添加(“配置文件”);
options.Scope.Add(“脱机访问”);
options.Scope.Add(“api://{ClientidOfAPI}/user_模拟”);
options.SaveTokens=true;
options.Events=new OpenIdConnectEvents()
{
OnAuthorizationCodeReceived=OnAuthorizationCodeReceived
};
});
services.AddMvc(选项=>
{
var policy=new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()文件
.Build();
options.Filters.Add(新的授权过滤器(策略));
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
}
ValidatePrincipal上的专用异步任务(CookieValidatePrincipalContext)
{
var application=getorbuildsecretentialclientapplication(context.HttpContext,context.Principal);
var accounts=wait application.GetAccountsAsync();
AuthenticationResult=Wait application.AcquireTokenSilent(
新[]{“openid”、“profile”、“offline_access”、“api://{ClientidOfAPI}/user_impersonation”},
accounts.FirstOrDefault()).ExecuteAsync();
}
AuthorizationCodeReceived上的专用异步任务(AuthorizationCodeReceivedContext上下文)
{
var application=getorbuildsecretentialclientapplication(context.HttpContext,context.Principal);
var result=await application.AcquireTokenByAuthorizationCode(新[]{“api://{ClientidOfAPI}/user_impersonation},context.ProtocolMessage.Code)
.ExecuteAsync();
HandleCodeRedemption(result.AccessToken、result.IdToken);
}
专用IConfidentialClientApplication GetorBuildSecretentialClientApplication(HttpContext HttpContext,ClaimsPrincipal ClaimsPrincipal)
{
var request=httpContext.request;
string currentUri=UriHelper.BuildAbsolute(request.Scheme、request.Host、request.PathBase,“/signin oidc”?string.Empty);
字符串权限=$”https://login.microsoftonline.com/{tenantid}/v2.0”;
var app=secretentialClientApplicationBuilder.CreateWithApplicationOptions(新的secretentialClientApplicationOptions()
{
ClientId=“客户端的ClientId,
ClientSecret=“客户端密码”
})
.WithRedirectUri(当前URI)
.有权
.Build();
返回应用程序;
}
公共无效配置(IApplicationBuilder应用程序,IHostingEnvironment环境)
{
if(env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
其他的
{
app.UseHsts();
}
...
app.UseAuthentication();
app.UseMvc();
}
var accounts=wait application.GetAccountsAsync();
我是否需要实现缓存来获取GetAccountsAsync()的值?据我所知,我并不是在手动进行缓存?您好,您找到解决方案了吗?有相同的问题。谢谢!