C# 502.3在.NET Core 2.2中调用AcquireTokenAsync时
我遇到了一个问题。我正在使用Microsoft Graph通过C# 502.3在.NET Core 2.2中调用AcquireTokenAsync时,c#,.net-core,microsoft-graph-api,C#,.net Core,Microsoft Graph Api,我遇到了一个问题。我正在使用Microsoft Graph通过onBehalfOfmGraphAuthenticationProvider.cs获取当前登录用户,如下所示 这一直工作得很完美,但我一直在进行重构,在尝试执行我的authContext.AcquireTokenAsync()方法时,突然出现了一个错误 HTTP Error 502.3 - Bad Gateway 所讨论的代码如下所示: public async Task AuthenticateRequestAsync(HttpR
onBehalfOfmGraphAuthenticationProvider.cs
获取当前登录用户,如下所示
这一直工作得很完美,但我一直在进行重构,在尝试执行我的authContext.AcquireTokenAsync()
方法时,突然出现了一个错误
HTTP Error 502.3 - Bad Gateway
所讨论的代码如下所示:
public async Task AuthenticateRequestAsync(HttpRequestMessage request) {
var httpContext = _httpContextAccessor.HttpContext;
//Get the access token used to call this API
string token = await httpContext.GetTokenAsync("access_token");
//We are passing an *assertion* to Azure AD about the current user
//Here we specify that assertion's type, that is a JWT Bearer token
string assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
//User name is needed here only for ADAL, it is not passed to AAD
//ADAL uses it to find a token in the cache if available
var user = httpContext.User;
string userName =
user.FindFirst(ClaimTypes.Upn).Value ?? user.FindFirst(ClaimTypes.Email).Value;
var userAssertion = new UserAssertion(token, assertionType, userName);
//Construct the token cache
var cache = new DistributedTokenCache(user, _distributedCache,
_loggerFactory, _dataProtectionProvider);
var authContext = new AuthenticationContext(_configuration["AzureAd:Instance"] +
_configuration["AzureAd:TenantId"], true, cache);
var clientCredential = new ClientCredential(_configuration["AzureAd:ClientId"],
(string) _configuration["AzureAd:ClientSecret"]);
//Acquire access token
var result = await authContext.AcquireTokenAsync("https://graph.microsoft.com", clientCredential, userAssertion); //This is where it crashes
//Set the authentication header
request.Headers.Authorization = new AuthenticationHeaderValue(result.AccessTokenType, result.AccessToken);
}
我从我的订单控制器调用它
:
// POST: api/Orders
[HttpPost]
public async Task<IActionResult> CreateAsync([FromBody] OrderDTO order) {
if (!ModelState.IsValid) {
return BadRequest(ModelState);
}
var graphUser = await this.graphApiService.GetUserProfileAsync();
//POST:api/Orders
[HttpPost]
公共异步任务CreateAsync([FromBody]OrderdToOrder){
如果(!ModelState.IsValid){
返回请求(ModelState);
}
var graphUser=wait this.graphhapiservice.GetUserProfileAsync();
重构包括将我的解决方案分为两个类库项目和一个web项目,后者有控制器和React应用程序。GraphapicClient
提供程序位于核心库中,如下所示:
public async Task AuthenticateRequestAsync(HttpRequestMessage request) {
var httpContext = _httpContextAccessor.HttpContext;
//Get the access token used to call this API
string token = await httpContext.GetTokenAsync("access_token");
//We are passing an *assertion* to Azure AD about the current user
//Here we specify that assertion's type, that is a JWT Bearer token
string assertionType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
//User name is needed here only for ADAL, it is not passed to AAD
//ADAL uses it to find a token in the cache if available
var user = httpContext.User;
string userName =
user.FindFirst(ClaimTypes.Upn).Value ?? user.FindFirst(ClaimTypes.Email).Value;
var userAssertion = new UserAssertion(token, assertionType, userName);
//Construct the token cache
var cache = new DistributedTokenCache(user, _distributedCache,
_loggerFactory, _dataProtectionProvider);
var authContext = new AuthenticationContext(_configuration["AzureAd:Instance"] +
_configuration["AzureAd:TenantId"], true, cache);
var clientCredential = new ClientCredential(_configuration["AzureAd:ClientId"],
(string) _configuration["AzureAd:ClientSecret"]);
//Acquire access token
var result = await authContext.AcquireTokenAsync("https://graph.microsoft.com", clientCredential, userAssertion); //This is where it crashes
//Set the authentication header
request.Headers.Authorization = new AuthenticationHeaderValue(result.AccessTokenType, result.AccessToken);
}
尝试使用AcquireToken而不是AcquireTokenAsync
azureAuthenticationContext.AcquireToken
因此,当我将包Microsoft.IdentityModel.Clients.ActiveDirectory从v3.19.8升级到v4.4.1时,问题就出现了。出于某种原因,v3.19.8以上的版本都不能使用我的代码,导致在我尝试调用时崩溃,但一旦我降级,问题就消失了。可能这是身份验证问题sue
\u配置[“AzureAd:Instance”]+\u配置[“AzureAd:TenantId”]
的输出是什么?@marclafler:我已经检查过了,输出是正确的。它们都与正确的guid对应(出于安全原因,我不想键入它们)@bestinamir谢谢你的回答!这不是对的调用,但是-当这个问题出现时,我已经成功地完成了调用,现在我想使用我得到的令牌调用Graph API。这以前已经奏效了-让我困惑的是我得到了一个奇怪的错误。权限不应该是两个GUID,它应该是颁发者的URI标记的名称。例如https://login.microsoftonline.com/{tenant name}.onmicrosoft.com
感谢您的回答!很遗憾,AuthenticationContext不包含AcquireToken的定义。好的,我的错误..AcquireToken位于Microsoft.IdentityModel.Clients.ActiveDirectory(V2.28.3.860)中用于.NET framework项目。以下是在.NET CoreazureAuthenticationContext.AcquireTokenAsync(resource,cred).Result中工作的代码。请尝试安装此软件包“安装软件包Microsoft.IdentityModel.Clients.ActiveDirectory-版本4.4.1”谢谢,但这正是我到目前为止一直在做的事情。不幸的是,它不起作用!