Asp.net mvc 使用Windows Server 2012 R2 ADFS 3.0和Katana保护Web API

我想制作一个与Web API应用程序对话的MVC Web应用程序，并使用ADFS 3.0（在Windows 2012 R2上）进行身份验证

我设法使MVC Web应用程序使用ADF进行身份验证。 并按照Vittorio Bertocci的本文所示配置了所有内容

现在我使用nuget最新的AAL预发布版

现在，在使用web MVC应用程序中的ADF进行身份验证之后，我尝试调用webapi

public async Task<String> CallSecuredAPI()
        {
            string authority = "https://fs.domain.com/adfs";
            string resourceURI = "https://{hostheader}/SecuredAPI";
            string clientID = "ExternalWebSite1";
            string clientReturnURI = "https://{hostheader}/ExternalSite";

            AuthenticationContext ac = new AuthenticationContext(authority, false);
            AuthenticationResult ar = ac.AcquireToken(resourceURI, clientID, new   Uri(clientReturnURI));

            string authHeader = ar.CreateAuthorizationHeader();
            var client = new HttpClient();
            HttpRequestMessage request =
                new HttpRequestMessage(HttpMethod.Get, "https://hostheader/SecuredAPI/api/Claims");
            request.Headers.TryAddWithoutValidation("Authorization", authHeader);
            HttpResponseMessage response = await client.SendAsync(request);
            string responseString = await response.Content.ReadAsStringAsync();
            return responseString;
        }

public异步任务CallSecuredAPI（）
{
字符串权限=”https://fs.domain.com/adfs";
string resourceURI=“https://{hostheader}/SecuredAPI”；
字符串clientID=“ExternalWebSite1”；
字符串clienterturnuri=“https://{hostheader}/ExternalSite”；
AuthenticationContext ac=新的AuthenticationContext（authority，false）；
AuthenticationResult ar=ac.AcquireToken（resourceURI、clientID、新Uri（clientReturnURI））；
字符串authHeader=ar.CreateAuthorizationHeader（）；
var client=新的HttpClient（）；
HttpRequestMessage请求=
新的HttpRequestMessage（HttpMethod.Get）https://hostheader/SecuredAPI/api/Claims");
request.Headers.TryAddWithoutValidation（“Authorization”，authHeader）；
HttpResponseMessage response=等待客户端.SendAsync（请求）；
string responseString=wait response.Content.ReadAsStringAsync（）；
回报率；
}

但我得到了这个错误，我认为这是由于客户端不是基于UI的客户端或WPF，windows应用程序。有人能告诉我我是否做错了什么吗

!！[尝试使用AAL获取授权代码时出错][1]

“/ExternalSite”应用程序中出现服务器错误

Source Error: 


Line 43: 
Line 44:             AuthenticationContext ac = new AuthenticationContext(authority, false);
Line 45:             AuthenticationResult ar = ac.AcquireToken(resourceURI, clientID, new Uri(clientReturnURI));
Line 46:             
Line 47:             string authHeader = ar.CreateAuthorizationHeader();

Source File: c:\Users\balakrishna.takkalla\Documents\Visual Studio 2013\Projects\ExternalSite\ExternalSite\Controllers\HomeController.cs    Line: 45 

Stack Trace: 


[InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.]
   System.Windows.Forms.Form.ShowDialog(IWin32Window owner) +5701502
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.ShowBrowser() +18
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.OnAuthenticate() +23
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase.AuthenticateAAD(Uri requestUri, Uri callbackUri) +284
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI.OnAuthenticate() +103
   Microsoft.IdentityModel.Clients.ActiveDirectory.OAuth2Request.SendAuthorizeRequest(Authenticator authenticator, String resource, Uri redirectUri, String clientId, String userId, PromptBehavior promptBehavior, String extraQueryParameters, IWebUI webUi, CallState callState) +363
   Microsoft.IdentityModel.Clients.ActiveDirectory.<>c__DisplayClass9b.<AcquireAuthorization>b__9a() +111
   System.Threading.Tasks.Task.Execute() +110

当应用程序未在UserInteractive模式下运行时，显示模式对话框或窗体不是有效的操作。指定ServiceNotification或DefaultDesktopOnly样式以显示来自服务应用程序的通知

Source Error: 


Line 43: 
Line 44:             AuthenticationContext ac = new AuthenticationContext(authority, false);
Line 45:             AuthenticationResult ar = ac.AcquireToken(resourceURI, clientID, new Uri(clientReturnURI));
Line 46:             
Line 47:             string authHeader = ar.CreateAuthorizationHeader();

Source File: c:\Users\balakrishna.takkalla\Documents\Visual Studio 2013\Projects\ExternalSite\ExternalSite\Controllers\HomeController.cs    Line: 45 

Stack Trace: 


[InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.]
   System.Windows.Forms.Form.ShowDialog(IWin32Window owner) +5701502
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.ShowBrowser() +18
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.OnAuthenticate() +23
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase.AuthenticateAAD(Uri requestUri, Uri callbackUri) +284
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI.OnAuthenticate() +103
   Microsoft.IdentityModel.Clients.ActiveDirectory.OAuth2Request.SendAuthorizeRequest(Authenticator authenticator, String resource, Uri redirectUri, String clientId, String userId, PromptBehavior promptBehavior, String extraQueryParameters, IWebUI webUi, CallState callState) +363
   Microsoft.IdentityModel.Clients.ActiveDirectory.<>c__DisplayClass9b.<AcquireAuthorization>b__9a() +111
   System.Threading.Tasks.Task.Execute() +110

描述：执行当前web请求期间发生未处理的异常。请查看堆栈跟踪以了解有关错误的更多信息以及错误在代码中的起源

异常详细信息：System.InvalidOperationException：当应用程序未在UserInteractive模式下运行时，显示模式对话框或窗体是无效的操作。指定ServiceNotification或DefaultDesktopOnly样式以显示来自服务应用程序的通知

Source Error: 


Line 43: 
Line 44:             AuthenticationContext ac = new AuthenticationContext(authority, false);
Line 45:             AuthenticationResult ar = ac.AcquireToken(resourceURI, clientID, new Uri(clientReturnURI));
Line 46:             
Line 47:             string authHeader = ar.CreateAuthorizationHeader();

Source File: c:\Users\balakrishna.takkalla\Documents\Visual Studio 2013\Projects\ExternalSite\ExternalSite\Controllers\HomeController.cs    Line: 45 

Stack Trace: 


[InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.]
   System.Windows.Forms.Form.ShowDialog(IWin32Window owner) +5701502
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.ShowBrowser() +18
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.OnAuthenticate() +23
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase.AuthenticateAAD(Uri requestUri, Uri callbackUri) +284
   Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI.OnAuthenticate() +103
   Microsoft.IdentityModel.Clients.ActiveDirectory.OAuth2Request.SendAuthorizeRequest(Authenticator authenticator, String resource, Uri redirectUri, String clientId, String userId, PromptBehavior promptBehavior, String extraQueryParameters, IWebUI webUi, CallState callState) +363
   Microsoft.IdentityModel.Clients.ActiveDirectory.<>c__DisplayClass9b.<AcquireAuthorization>b__9a() +111
   System.Threading.Tasks.Task.Execute() +110

源错误：
第43行：
第44行：AuthenticationContext ac=新的AuthenticationContext（authority，false）；
第45行：AuthenticationResult ar=ac.AcquireToken（resourceURI、clientID、新Uri（clientReturnURI））；
第46行：
第47行：字符串authHeader=ar.CreateAuthorizationHeader（）；
源文件：c:\Users\balakrishna.takkalla\Documents\Visual Studio 2013\Projects\ExternalSite\ExternalSite\Controllers\HomeController.cs行：45
堆栈跟踪：
[InvalidOperationException:当应用程序未在UserInteractive模式下运行时，显示模式对话框或窗体不是有效的操作。请指定ServiceNotification或DefaultDesktopOnly样式以显示来自服务应用程序的通知。]
System.Windows.Forms.Form.ShowDialog（iwin32窗口所有者）+5701502
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.ShowBrowser（）+18
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.OnAuthenticate（）+23
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase.AuthenticateAD（Uri requestUri，Uri callbackUri）+284
Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI.OnAuthenticate（）+103
Microsoft.IdentityModel.Clients.ActiveDirectory.OAuth2Request.SendAuthorizationRequest（验证器验证器、字符串资源、Uri重定向Uri、字符串clientId、字符串用户ID、PromptBehavior PromptBehavior、字符串extraQueryParameters、IWebUI、CallState CallState）+363
Microsoft.IdentityModel.Clients.ActiveDirectory.c__显示类9b.b__9a（）+111
System.Threading.Tasks.Task.Execute（）+110

如果我理解正确：您希望从MVC应用程序的代码隐藏中访问Web API。 这种拓扑结构在今天的Azure Active Directory中是可行的，您可以在示例中看到这一点（我正在将其更新为最新的ADAL刷新，您可以查看RCUpdate分支以查看正在进行的工作）

然而，从ADFS WS2012 R2目前无法实现这种拓扑结构。原因是MVC应用程序（以及任何其他网站）是一个机密客户端，OAuth2处理该客户端的方式与公共客户端（作为起点使用的WPF应用程序是公共客户端）不同。在您针对的场景中，要使用ADAL从机密客户机获取令牌，您将使用ADAL的方法AcquireTokenByAuthorizationCode（请参阅我提到的示例）。但是，ADFS WS2012 R2无法处理该方法。今天，ADFS WS2012 R2中的OAuth2支持仅限于公共客户端

抱歉带来坏消息！作为一种缓解，你可以考虑将你的ADF与AAD租户联合：在这一点上，你可以做你想做的事情，作为一个ADFS用户进行认证，但是从AAD获取令牌（它支持必要的OAuth2 Grand）。 嗯

---

V.

您是否阅读了错误消息？它不仅能告诉你哪里出了问题，还能告诉你如何解决问题。“当应用程序未在UserInteractive模式下运行时，显示模式对话框或窗体是无效的操作。请指定ServiceNotification或DefaultDesktopOnly样式以显示来自服务应用程序的通知。”谢谢Robert Harvey是的，我确实读过，我不确定是否应该继续进行更改，因为我不希望在duri期间出现任何弹出窗口