C# 无法在.net core中调用图形API
net核心应用程序。我正在尝试在我的应用程序中调用Graph API。下面是我的代码。这是我在控制器上应用的策略C# 无法在.net core中调用图形API,c#,asp.net-core,azure-active-directory,microsoft-graph-api,C#,Asp.net Core,Azure Active Directory,Microsoft Graph Api,net核心应用程序。我正在尝试在我的应用程序中调用Graph API。下面是我的代码。这是我在控制器上应用的策略 [Authorize(Policy = "APGroupsOnly")] 下面是我在启动中添加的策略 services.AddAuthorization(options => { options.AddPolicy("APGroupsOnly", policy => policy.Requirements.Add(new GroupsCh
[Authorize(Policy = "APGroupsOnly")]
下面是我在启动中添加的策略
services.AddAuthorization(options =>
{
options.AddPolicy("APGroupsOnly", policy =>
policy.Requirements.Add(new GroupsCheckRequirement("YourGroupID")));
});
我试图从招摇过市的API。下面是我的招摇配置
"ClientId": "my client id",
"ClientSecret": "my client secrete",
"AuthorizationUrl": "https://login.microsoftonline.com/myid/oauth2/authorize",
"TokenUrl": "https://login.microsoftonline.com/myid/oauth2/token"
下面是我的MSGraphService.cs
public async Task<User> GetMeAsync(string accessToken)
{
User currentUserObject;
try
{
PrepareAuthenticatedClient(accessToken);
currentUserObject = await graphServiceClient.Me.Request().GetAsync();
}
catch (ServiceException e)
{
Debug.WriteLine("We could not fetch details of the currently signed-in user: " + $"{e}");
return null;
}
return currentUserObject;
}
private void PrepareAuthenticatedClient(string accessToken)
{
if (graphServiceClient == null)
{
// Create Microsoft Graph client.
try
{
graphServiceClient = new GraphServiceClient("https://graph.microsoft.com/.default",
new DelegateAuthenticationProvider(
async (requestMessage) =>
{
await Task.Run(() =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
});
}));
}
catch (Exception ex)
{
Debug.WriteLine($"Could not create a graph client {ex}");
}
}
}
公共异步任务GetMeAsync(字符串访问令牌)
{
用户当前用户对象;
尝试
{
PrepareAuthenticatedClient(accessToken);
currentUserObject=await graphServiceClient.Me.Request().GetAsync();
}
捕获(服务异常e)
{
WriteLine(“我们无法获取当前登录用户的详细信息:“+$”{e}”);
返回null;
}
返回currentUserObject;
}
私有void PrepareAuthenticatedClient(字符串访问令牌)
{
if(graphServiceClient==null)
{
//创建Microsoft图形客户端。
尝试
{
graphServiceClient=新的graphServiceClient(“https://graph.microsoft.com/.default",
新的DelegateAuthenticationProvider(
异步(请求消息)=>
{
等待任务。运行(()=>
{
requestMessage.Headers.Authorization=新的AuthenticationHeaderValue(“承载者”,accessToken);
});
}));
}
捕获(例外情况除外)
{
WriteLine($“无法创建图形客户端{ex}”);
}
}
}
下面是我的GroupsCheckHandler
public class GroupsCheckHandler : AuthorizationHandler<GroupsCheckRequirement>
{
private IHttpContextAccessor _httpContextAccessor;
private readonly IMSGraphService graphService;
public GroupsCheckHandler(IHttpContextAccessor httpContextAccessor, IMSGraphService MSGraphService)
{
_httpContextAccessor = httpContextAccessor;
this.graphService = MSGraphService;
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, GroupsCheckRequirement requirement)
{
var accessToken = _httpContextAccessor.HttpContext.Request.Headers["Authorization"];
User me = await graphService.GetMeAsync(accessToken);
}
}
公共类GroupsCheckHandler:AuthorizationHandler
{
专用IHttpContextAccessor_httpContextAccessor;
私有只读IMSGraphService graphService;
公共组ScheckHandler(IHttpContextAccessor httpContextAccessor,IMSGraphService MSGraphService)
{
_httpContextAccessor=httpContextAccessor;
this.graphService=MSGraphService;
}
受保护的重写异步任务HandleRequirementAsync(授权HandlerContext上下文,GroupsCheckRequirement)
{
var accessToken=_httpContextAccessor.HttpContext.Request.Headers[“Authorization”];
User me=wait graphService.GetMeAsync(accessToken);
}
}
每当我检查execute时,就会出现以下错误
我们无法获取当前登录用户的详细信息:状态代码:Unauthorized
Microsoft.Graph.ServiceException:代码:InvalidAuthenticationToken
消息:CompactToken解析失败,错误代码:80049217
下面是我的启动文件
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
azureActiveDirectoryOptions = configuration.GetSection("AzureAd").Get<AzureActiveDirectoryOptions>();
swaggerUIOptions = configuration.GetSection("Swagger").Get<SwaggerUIOptions>();
}
public IConfiguration Configuration { get; }
private readonly AzureActiveDirectoryOptions azureActiveDirectoryOptions;
private readonly SwaggerUIOptions swaggerUIOptions;
//
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IMSGraphService, MSGraphService>();
services
.AddAuthentication(o =>
{
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o =>
{
o.Authority = azureActiveDirectoryOptions.Authority;
o.TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = new List<string>
{
azureActiveDirectoryOptions.AppIdUri,
azureActiveDirectoryOptions.ClientId
},
ValidateIssuer = true,
ValidateAudience = true,
ValidIssuer = "https://myorg.onmicrosoft.com/oauth2/default",
RoleClaimType = ClaimTypes.Role
};
});
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_1); ;
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = swaggerUIOptions.AuthorizationUrl,
TokenUrl = swaggerUIOptions.TokenUrl,
Scopes = new Dictionary<string, string>
{
{"Read", "13469a45-a2ea-45a1-96e7-6580f57b6e30/.default" }
}
});
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", new[] { "readAccess", "writeAccess" } }
});
});
services.AddAuthorization(options =>
{
options.AddPolicy("APGroupsOnly", policy =>
policy.Requirements.Add(new GroupsCheckRequirement("YourGroupID")));
});
services.AddScoped<IAuthorizationHandler, GroupsCheckHandler>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.RoutePrefix = "swagger";
c.OAuthClientId(swaggerUIOptions.ClientId);
c.OAuthClientSecret(swaggerUIOptions.ClientSecret);
c.OAuthRealm(azureActiveDirectoryOptions.ClientId);
c.OAuthAppName("Swagger");
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
c.OAuthAdditionalQueryStringParams(new Dictionary<string, string>() { { "resource", azureActiveDirectoryOptions.AppIdUri } });
});
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
}
公共类启动
{
公共启动(IConfiguration配置)
{
配置=配置;
azureActiveDirectoryOptions=configuration.GetSection(“AzureAd”).Get();
swaggerUIOptions=configuration.GetSection(“Swagger”).Get();
}
公共IConfiguration配置{get;}
专用只读AzureActiveDirectoryOptions AzureActiveDirectoryOptions;
私有只读SwaggerUIOptions SwaggerUIOptions;
//
//此方法由运行时调用。请使用此方法将服务添加到容器中。
public void配置服务(IServiceCollection服务)
{
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddSingleton();
services.AddTransient();
服务
.AddAuthentication(o=>
{
o、 DefaultScheme=JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o=>
{
o、 Authority=azureActiveDirectoryOptions.Authority;
o、 TokenValidationParameters=新的TokenValidationParameters
{
有效性=新列表
{
azureActiveDirectoryOptions.AppIdUri,
azureActiveDirectoryOptions.ClientId
},
validateisuer=true,
ValidateAudience=true,
ValidisUser=”https://myorg.onmicrosoft.com/oauth2/default",
RoleClaimType=ClaimTypes.Role
};
});
services.AddMvc(选项=>
{
var policy=new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()文件
.Build();
options.Filters.Add(新的授权过滤器(策略));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddSwaggerGen(c=>
{
c、 SwaggerDoc(“v1”,新信息{Title=“My API”,Version=“v1”});
c、 AddSecurityDefinition(“oauth2”,新的OAuth2Scheme
{
Type=“oauth2”,
Flow=“隐式”,
AuthorizationUrl=swaggerUIOptions.AuthorizationUrl,
TokenUrl=swaggerUIOptions.TokenUrl,
范围=新字典
{
{“读取”,“13469a45-a2ea-45a1-96e7-6580f57b6e30/.default”}
}
});
c、 AddSecurityRequest(新字典)
{
{“oauth2”,新[]{“readAccess”,“writeAccess”}
});
});
services.AddAuthorization(选项=>
{
options.AddPolicy(“APGroupsOnly”,policy=>
policy.Requirements.Add(新的GroupsCheckRequirement(“YourGroupID”));
});
services.addScope();
}
//此方法由运行时调用。请使用此方法配置HTTP请求管道。
公共无效配置(IApplicationBuilder应用程序,IHostingEnvironment环境)
{
if(环境发展)(
Scopes = new Dictionary<string, string>
{
{ "api://XXXXX/accessApi","api://XXXXX/accessApi"}
}