C# Microsoft.Graph.ServiceException: 'Code: BadRequest Message: Current authenticated context is not valid for this request'
Tags: c#, azure-active-directory, microsoft-graph-api, msal

I'm having a problem using the Microsoft Graph API. Whenever I try to get the calendar, I get the following error message:

Exception thrown: 'Microsoft.Graph.ServiceException' in System.Private.CoreLib.dll: 'Code: BadRequest Message: Current authenticated context is not valid for this request'

At first I thought it was similar to this post, but my user is authenticated, so I don't think that is the case.

This is my code:
EventController.cs
    public async Task<Calendar> GetEventInfoAsync()
    {
        var accessToken = await getAcessTokenAsync();
        // Attach the access token as a Bearer header on every Graph request.
        DelegateAuthenticationProvider delegateAuthenticationProvider = new DelegateAuthenticationProvider(
            (requestMessage) =>
            {
                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
                return Task.FromResult(0);
            }
        );
        GraphServiceClient graphClient = new GraphServiceClient(delegateAuthenticationProvider);
        var calendar = await graphClient.Me.Calendar.Request().GetAsync();
        return calendar;
    }
This is how I get the access token:

    public async Task<string> getAcessTokenAsync()
    {
        if (User.Identity.IsAuthenticated)
        {
            var userId = User.FindFirst("MicrosoftUserId")?.Value;
            ConfidentialClientApplication cca =
                new ConfidentialClientApplication(Configuration["MicrosoftAuth:ClientId"],
                    String.Format(System.Globalization.CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}{1}", "/v2.0", "/common"),
                    Configuration["MicrosoftAuth:RedirectUri"] + "signin-oidc",
                    new Microsoft.Identity.Client.ClientCredential(Configuration["MicrosoftAuth:ClientSecret"]),
                    new SessionTokenCache(userId, _memoryCache).GetCacheInstance(),
                    null);
            // Requests a token with the client credentials flow.
            var token = await cca.AcquireTokenForClientAsync(new string[] { "https://graph.microsoft.com/.default" });
            return token.AccessToken;
        }
        else
            throw new Exception("User is not authenticated");
    }

Finally, this is how the authentication options look in the startup file:
    services.AddAuthentication().AddOpenIdConnect(openIdOptions =>
    {
        openIdOptions.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        openIdOptions.Authority = String.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}{1}", "common", "/v2.0");
        openIdOptions.ClientId = Configuration["MicrosoftAuth:ClientId"];
        openIdOptions.ClientSecret = Configuration["MicrosoftAuth:ClientSecret"];
        openIdOptions.SaveTokens = true;
        openIdOptions.TokenValidationParameters = new TokenValidationParameters{
            ValidateIssuer = false
        };
        var scopes = Configuration["MicrosoftAuth:Scopes"].Split(' ');
        foreach (string scope in scopes){
            openIdOptions.Scope.Add(scope);
        }
        openIdOptions.Events = new OpenIdConnectEvents{
            OnAuthorizationCodeReceived = async (context) =>
            {
                var userId = context.Principal.Claims.First(item => item.Type == ObjectIdentifierType).Value;
                IMemoryCache memoryCache = context.HttpContext.RequestServices.GetRequiredService<IMemoryCache>();
                ConfidentialClientApplication cca =
                    new ConfidentialClientApplication(Configuration["MicrosoftAuth:ClientId"],
                        String.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}{1}{2}", "common", "/v2.0", "/adminconsent"),
                        Configuration["MicrosoftAuth:RedirectUri"] + "signin-oidc",
                        new Microsoft.Identity.Client.ClientCredential(Configuration["MicrosoftAuth:ClientSecret"]),
                        new SessionTokenCache(userId, memoryCache).GetCacheInstance(),
                        null);
                var code = context.ProtocolMessage.Code;
                var result = await cca.AcquireTokenByAuthorizationCodeAsync(code, new string[]{"User.Read.All", "Calendars.ReadWrite"});
                context.HandleCodeRedemption(result.AccessToken, result.IdToken);
            },
        };
    });
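My application is registered in the Microsoft Application Registration Portal, and I do get a token when I request one, so I'm not sure what is causing the problem.

Same issue as the previous thread. Azure AD issues two kinds of token: delegated (user) or app. The token you acquired uses the client credentials flow, which is delegated for the app. When you make a request with this kind of token, there is no me context (see and for the difference).

To integrate Microsoft Graph with a web app and delegate the user to call Microsoft Graph, you need to use the code grant flow (the OnAuthorizationCodeReceived event), as you configured in the startup.cs file.

I thought I was doing that. I have changed the authority address to https://login.microsoftonline.com/common/v2.0/authorize? in the OpenID options, and the OnAuthorizationCodeReceived event to https://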
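
A diagnostic check for the distinction the answer draws, as an added example that is not part of the original thread, MSAL or the Graph SDK: it decodes an access token's JWT payload and reports whether the token is delegated (`scp` claim) or app-only (`roles` claim), which is why `/me` has no user to resolve for a token from `AcquireTokenForClientAsync`. `GraphTokenInspector`, `TokenKind` and the sample tokens are constructed for illustration, and the code assumes .NET Core 3.0 or later for `System.Text.Json`.

```csharp
using System;
using System.Text;
using System.Text.Json;
public enum TokenKind { Delegated, AppOnly, Unknown }

public static class GraphTokenInspector
{
    // Reads the JWT payload WITHOUT verifying the signature: a diagnostic aid,
    // never a basis for an authorization decision.
    public static TokenKind Classify(string accessToken)
    {
        var parts = (accessToken ?? "").Split('.');
        if (parts.Length != 3) return TokenKind.Unknown;   // not a JWT
        try
        {
            var json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
            using (var doc = JsonDocument.Parse(json))
            {
                var claims = doc.RootElement;
                if (claims.ValueKind != JsonValueKind.Object) return TokenKind.Unknown;
                // Delegated tokens list the signed-in user's scopes in "scp".
                if (claims.TryGetProperty("scp", out var scp) &&
                    scp.ValueKind == JsonValueKind.String && scp.GetString() != "")
                    return TokenKind.Delegated;
                // Client-credentials tokens list application permissions in "roles".
                if (claims.TryGetProperty("roles", out var roles) && roles.ValueKind == JsonValueKind.Array)
                    return TokenKind.AppOnly;
            }
        }
        catch (FormatException) { }   // payload is not valid base64url
        catch (JsonException) { }     // payload is not valid JSON
        return TokenKind.Unknown;
    }

    private static byte[] Base64UrlDecode(string s) =>
        Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/')
            .PadRight(s.Length + (4 - s.Length % 4) % 4, '='));

    // Builds an unsigned, constructed sample token (not a real credential).
    private static string SampleJwt(string payload) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
    public static void Main()
    {
        Console.WriteLine(Classify(SampleJwt("{\"scp\":\"User.Read Calendars.ReadWrite\"}")));
        Console.WriteLine(Classify(SampleJwt("{\"roles\":[\"Calendars.Read\"]}")));
        Console.WriteLine(Classify("opaque-token"));
    }
}
```

Logging the result of `Classify` before building the `GraphServiceClient` shows at a glance whether a `/me` request can succeed with the token in hand.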