C# Microsoft Graph-无法以静默方式获取令牌
标签:c#, asp.net-mvc, token, microsoft-graph-api
我正在尝试从我的web应用程序中的Microsoft Graph获取数据。当我调用
AcquireTokenSilentAsync()
时,我得到错误“无法以静默方式获取令牌。调用方法AcquireToken”
因此,我随后尝试使用AcquireTokenAsync()
方法。然而,当我尝试访问资源时,我得到了403-禁止
我已经在Fiddler中测试过了,效果很好
当我检查来自AcquireTokenAsync()
的令牌并将其与从fiddler获得的令牌进行比较时,它大约是长度的1/3。我不知道这是否是一个问题,是否有修复
有人知道这个问题的解决方案吗
我的代码如下:
GetToken():
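/// <summary>
/// Tries to obtain an access token for <paramref name="resourceId"/> silently, i.e. from the
/// token cache attached to <paramref name="ctx"/>, for the currently signed-in user.
/// </summary>
/// <param name="ctx">ADAL authentication context whose token cache is consulted.</param>
/// <param name="resourceId">Identifier of the resource the token is requested for.</param>
/// <returns>The authentication result, or <c>null</c> when ADAL reports a failure.</returns>
/// <exception cref="InvalidOperationException">The current principal carries no object-identifier claim.</exception>
public async static Task<AuthenticationResult> GetTokenAsync(AuthenticationContext ctx, string resourceId)
{
    // NOTE(review): the client secret is a credential. How OfficeSettings loads it is not shown
    // here; confirm it comes from protected configuration and is never logged.
    ClientCredential credential = new ClientCredential(OfficeSettings.ClientId, OfficeSettings.ClientSecret);

    // FindFirst returns null when the claim is absent; fail with a clear message instead of a
    // NullReferenceException on .Value.
    var objectIdClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
    if (objectIdClaim == null)
    {
        throw new InvalidOperationException("The current principal has no objectidentifier claim.");
    }

    UserIdentifier ident = new UserIdentifier(objectIdClaim.Value, UserIdentifierType.UniqueId);

    try
    {
        // Silent acquisition only succeeds when ctx's token cache already holds an entry for this
        // user, client and resource. NOTE(review): if sign-in stored its tokens in a different
        // cache instance, this call presumably fails every time; verify which cache ctx uses.
        var result = await ctx.AcquireTokenSilentAsync(resourceId, credential, ident);

        // NOTE(review): the disabled alternative below is the client-credentials overload. Its
        // token represents the application, not the signed-in user, so the resource evaluates
        // application permissions (which need admin consent). A 403 with that token most likely
        // means those permissions are not granted; it is not a drop-in replacement.
        //var result = await ctx.AcquireTokenAsync(resourceId, credential);
        LastAuthority = ctx.Authority;
        return result;
    }
    catch (AdalException)
    {
        // NOTE(review): Clear() empties the whole cache attached to ctx. If that cache is shared
        // between users, one user's failure evicts everyone's tokens; confirm this is intended.
        ctx.TokenCache.Clear();
        return null;
    }
    // Any other exception propagates unchanged; the former `catch (Exception ex) { throw ex; }`
    // only reset the stack trace.
}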
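// Graph query template; {0} receives the OData-escaped, URL-encoded display name.
// NOTE(review): this targets the /beta endpoint, which may change without notice; confirm
// whether the v1.0 endpoint can be used instead.
private const string _allUsersUrl = "https://graph.microsoft.com/beta/users?$filter=displayName%20eq%20'{0}'";

/// <summary>
/// Looks up each display name in Microsoft Graph and collects the userPrincipalName of every
/// matching user.
/// </summary>
/// <param name="displayNames">Display names to search for.</param>
/// <returns>The userPrincipalName values found, in request order.</returns>
/// <exception cref="ArgumentNullException"><paramref name="displayNames"/> is null.</exception>
/// <exception cref="HttpRequestException">Graph answered with a non-success status code.</exception>
public static async Task<List<string>> GetUserEmails(List<string> displayNames)
{
    if (displayNames == null)
    {
        throw new ArgumentNullException("displayNames");
    }

    var emails = new List<string>();
    using (var client = new HttpClient())
    {
        foreach (var name in displayNames)
        {
            // The name lands inside a quoted OData string literal in the query string. Double any
            // single quote so the value cannot terminate the literal and alter the filter, then
            // percent-encode it so '&', '#', '+' etc. cannot alter the URL.
            var filterValue = Uri.EscapeDataString(name.Replace("'", "''"));
            var url = string.Format(_allUsersUrl, filterValue);

            using (var req = new HttpRequestMessage(HttpMethod.Get, url))
            {
                // NOTE(review): GetToken() is defined elsewhere. The header needs the raw access
                // token string; if GetToken() returns an AuthenticationResult (or null), the
                // formatted value is not a usable bearer token. Confirm its return type.
                var token = await GetToken();
                req.Headers.Add("Authorization", string.Format("Bearer {0}", token));

                // Content-Type describes a request body and this GET has none, so this line
                // presumably has no effect on the request.
                req.Headers.TryAddWithoutValidation("Content-Type", "application/json");

                using (var response = await client.SendAsync(req))
                {
                    var content = await response.Content.ReadAsStringAsync();

                    // An error response (e.g. 403) carries an "error" object and no "value"
                    // array; surface the status and body instead of failing on a null array.
                    if (!response.IsSuccessStatusCode)
                    {
                        throw new HttpRequestException(string.Format(
                            "Graph request failed with status {0} ({1}): {2}",
                            (int)response.StatusCode, response.ReasonPhrase, content));
                    }

                    var users = JObject.Parse(content)["value"];
                    if (users == null)
                    {
                        continue;
                    }

                    foreach (var item in users)
                    {
                        var upn = item["userPrincipalName"];
                        if (upn != null)
                        {
                            emails.Add(upn.ToString());
                        }
                    }
                }
            }
        }
    }
    return emails;
}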
公共异步静态任务GetTokenAsync(AuthenticationContext ctx,字符串resourceId)
{
ClientCredential=新的ClientCredential(OfficeSettings.ClientId,OfficeSettings.ClientSecret);
var userObjectId=ClaimsPrincipal.Current.FindFirst(“http://schemas.microsoft.com/identity/claims/objectidentifier1.价值;
UserIdentifier ident=新的UserIdentifier(userObjectId,UserIdentifierType.UniqueId);
var redirectUrl=newURI(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path));
尝试
{
var结果=等待ctx.AcquireTokenSilentAsync(资源ID、凭证、标识);
//var result=await ctx.AcquireTokenAsync(资源ID,凭证);
LastAuthority=ctx.Authority;
返回结果;
}
接住(二语)
{
ctx.TokenCache.Clear();
返回null;
}
捕获(例外情况除外)
{
掷骰子;
}
}
GetUserEmail()(访问资源):
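/// <summary>
/// Tries to obtain an access token for <paramref name="resourceId"/> silently, i.e. from the
/// token cache attached to <paramref name="ctx"/>, for the currently signed-in user.
/// </summary>
/// <param name="ctx">ADAL authentication context whose token cache is consulted.</param>
/// <param name="resourceId">Identifier of the resource the token is requested for.</param>
/// <returns>The authentication result, or <c>null</c> when ADAL reports a failure.</returns>
/// <exception cref="InvalidOperationException">The current principal carries no object-identifier claim.</exception>
public async static Task<AuthenticationResult> GetTokenAsync(AuthenticationContext ctx, string resourceId)
{
    // NOTE(review): the client secret is a credential. How OfficeSettings loads it is not shown
    // here; confirm it comes from protected configuration and is never logged.
    ClientCredential credential = new ClientCredential(OfficeSettings.ClientId, OfficeSettings.ClientSecret);

    // FindFirst returns null when the claim is absent; fail with a clear message instead of a
    // NullReferenceException on .Value.
    var objectIdClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
    if (objectIdClaim == null)
    {
        throw new InvalidOperationException("The current principal has no objectidentifier claim.");
    }

    UserIdentifier ident = new UserIdentifier(objectIdClaim.Value, UserIdentifierType.UniqueId);

    try
    {
        // Silent acquisition only succeeds when ctx's token cache already holds an entry for this
        // user, client and resource. NOTE(review): if sign-in stored its tokens in a different
        // cache instance, this call presumably fails every time; verify which cache ctx uses.
        var result = await ctx.AcquireTokenSilentAsync(resourceId, credential, ident);

        // NOTE(review): the disabled alternative below is the client-credentials overload. Its
        // token represents the application, not the signed-in user, so the resource evaluates
        // application permissions (which need admin consent). A 403 with that token most likely
        // means those permissions are not granted; it is not a drop-in replacement.
        //var result = await ctx.AcquireTokenAsync(resourceId, credential);
        LastAuthority = ctx.Authority;
        return result;
    }
    catch (AdalException)
    {
        // NOTE(review): Clear() empties the whole cache attached to ctx. If that cache is shared
        // between users, one user's failure evicts everyone's tokens; confirm this is intended.
        ctx.TokenCache.Clear();
        return null;
    }
    // Any other exception propagates unchanged; the former `catch (Exception ex) { throw ex; }`
    // only reset the stack trace.
}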
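// Graph query template; {0} receives the OData-escaped, URL-encoded display name.
// NOTE(review): this targets the /beta endpoint, which may change without notice; confirm
// whether the v1.0 endpoint can be used instead.
private const string _allUsersUrl = "https://graph.microsoft.com/beta/users?$filter=displayName%20eq%20'{0}'";

/// <summary>
/// Looks up each display name in Microsoft Graph and collects the userPrincipalName of every
/// matching user.
/// </summary>
/// <param name="displayNames">Display names to search for.</param>
/// <returns>The userPrincipalName values found, in request order.</returns>
/// <exception cref="ArgumentNullException"><paramref name="displayNames"/> is null.</exception>
/// <exception cref="HttpRequestException">Graph answered with a non-success status code.</exception>
public static async Task<List<string>> GetUserEmails(List<string> displayNames)
{
    if (displayNames == null)
    {
        throw new ArgumentNullException("displayNames");
    }

    var emails = new List<string>();
    using (var client = new HttpClient())
    {
        foreach (var name in displayNames)
        {
            // The name lands inside a quoted OData string literal in the query string. Double any
            // single quote so the value cannot terminate the literal and alter the filter, then
            // percent-encode it so '&', '#', '+' etc. cannot alter the URL.
            var filterValue = Uri.EscapeDataString(name.Replace("'", "''"));
            var url = string.Format(_allUsersUrl, filterValue);

            using (var req = new HttpRequestMessage(HttpMethod.Get, url))
            {
                // NOTE(review): GetToken() is defined elsewhere. The header needs the raw access
                // token string; if GetToken() returns an AuthenticationResult (or null), the
                // formatted value is not a usable bearer token. Confirm its return type.
                var token = await GetToken();
                req.Headers.Add("Authorization", string.Format("Bearer {0}", token));

                // Content-Type describes a request body and this GET has none, so this line
                // presumably has no effect on the request.
                req.Headers.TryAddWithoutValidation("Content-Type", "application/json");

                using (var response = await client.SendAsync(req))
                {
                    var content = await response.Content.ReadAsStringAsync();

                    // An error response (e.g. 403) carries an "error" object and no "value"
                    // array; surface the status and body instead of failing on a null array.
                    if (!response.IsSuccessStatusCode)
                    {
                        throw new HttpRequestException(string.Format(
                            "Graph request failed with status {0} ({1}): {2}",
                            (int)response.StatusCode, response.ReasonPhrase, content));
                    }

                    var users = JObject.Parse(content)["value"];
                    if (users == null)
                    {
                        continue;
                    }

                    foreach (var item in users)
                    {
                        var upn = item["userPrincipalName"];
                        if (upn != null)
                        {
                            emails.Add(upn.ToString());
                        }
                    }
                }
            }
        }
    }
    return emails;
}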
private const string\u allUsersUrl=”https://graph.microsoft.com/beta/users?$filter=displayName%20eq%20'{0}';
公共静态异步任务GetUserEmails(列表显示名称)
{
var=新列表();
使用(var client=new HttpClient())
{
foreach(displayNames中的变量名)
{
var url=string.Format(_allUsersUrl,name.Replace(“,“+”)).Replace(“,“%20”);
使用(var req=newhttprequestmessage(HttpMethod.Get,url))
{
var token=await GetToken();
Add(“Authorization”,string.Format(“Bearer{0}”,token));
req.Headers.TryAddWithoutValidation(“内容类型”、“应用程序/json”);
使用(var response=wait client.SendAsync(req))
{
//TODO:禁止的错误消息。但是,令牌似乎已正确检索
var content=await response.content.ReadAsStringAsync();
foreach(JObject.Parse(content)[“value”]中的var项)
{
emails.Add(item[“userPrincipalName”].ToString());
}
}
}
}
}
回复邮件;
}
编辑:
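/// <summary>
/// Tries to obtain an access token for <paramref name="resourceId"/> silently, i.e. from the
/// token cache attached to <paramref name="ctx"/>, for the currently signed-in user.
/// </summary>
/// <param name="ctx">ADAL authentication context whose token cache is consulted.</param>
/// <param name="resourceId">Identifier of the resource the token is requested for.</param>
/// <returns>The authentication result, or <c>null</c> when ADAL reports a failure.</returns>
/// <exception cref="InvalidOperationException">The current principal carries no object-identifier claim.</exception>
public async static Task<AuthenticationResult> GetTokenAsync(AuthenticationContext ctx, string resourceId)
{
    // NOTE(review): the client secret is a credential. How OfficeSettings loads it is not shown
    // here; confirm it comes from protected configuration and is never logged.
    ClientCredential credential = new ClientCredential(OfficeSettings.ClientId, OfficeSettings.ClientSecret);

    // FindFirst returns null when the claim is absent; fail with a clear message instead of a
    // NullReferenceException on .Value.
    var objectIdClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier");
    if (objectIdClaim == null)
    {
        throw new InvalidOperationException("The current principal has no objectidentifier claim.");
    }

    UserIdentifier ident = new UserIdentifier(objectIdClaim.Value, UserIdentifierType.UniqueId);

    try
    {
        // Silent acquisition only succeeds when ctx's token cache already holds an entry for this
        // user, client and resource. NOTE(review): if sign-in stored its tokens in a different
        // cache instance, this call presumably fails every time; verify which cache ctx uses.
        var result = await ctx.AcquireTokenSilentAsync(resourceId, credential, ident);

        // NOTE(review): the disabled alternative below is the client-credentials overload. Its
        // token represents the application, not the signed-in user, so the resource evaluates
        // application permissions (which need admin consent). A 403 with that token most likely
        // means those permissions are not granted; it is not a drop-in replacement.
        //var result = await ctx.AcquireTokenAsync(resourceId, credential);
        LastAuthority = ctx.Authority;
        return result;
    }
    catch (AdalException)
    {
        // NOTE(review): Clear() empties the whole cache attached to ctx. If that cache is shared
        // between users, one user's failure evicts everyone's tokens; confirm this is intended.
        ctx.TokenCache.Clear();
        return null;
    }
    // Any other exception propagates unchanged; the former `catch (Exception ex) { throw ex; }`
    // only reset the stack trace.
}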
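// Graph query template; {0} receives the OData-escaped, URL-encoded display name.
// NOTE(review): this targets the /beta endpoint, which may change without notice; confirm
// whether the v1.0 endpoint can be used instead.
private const string _allUsersUrl = "https://graph.microsoft.com/beta/users?$filter=displayName%20eq%20'{0}'";

/// <summary>
/// Looks up each display name in Microsoft Graph and collects the userPrincipalName of every
/// matching user.
/// </summary>
/// <param name="displayNames">Display names to search for.</param>
/// <returns>The userPrincipalName values found, in request order.</returns>
/// <exception cref="ArgumentNullException"><paramref name="displayNames"/> is null.</exception>
/// <exception cref="HttpRequestException">Graph answered with a non-success status code.</exception>
public static async Task<List<string>> GetUserEmails(List<string> displayNames)
{
    if (displayNames == null)
    {
        throw new ArgumentNullException("displayNames");
    }

    var emails = new List<string>();
    using (var client = new HttpClient())
    {
        foreach (var name in displayNames)
        {
            // The name lands inside a quoted OData string literal in the query string. Double any
            // single quote so the value cannot terminate the literal and alter the filter, then
            // percent-encode it so '&', '#', '+' etc. cannot alter the URL.
            var filterValue = Uri.EscapeDataString(name.Replace("'", "''"));
            var url = string.Format(_allUsersUrl, filterValue);

            using (var req = new HttpRequestMessage(HttpMethod.Get, url))
            {
                // NOTE(review): GetToken() is defined elsewhere. The header needs the raw access
                // token string; if GetToken() returns an AuthenticationResult (or null), the
                // formatted value is not a usable bearer token. Confirm its return type.
                var token = await GetToken();
                req.Headers.Add("Authorization", string.Format("Bearer {0}", token));

                // Content-Type describes a request body and this GET has none, so this line
                // presumably has no effect on the request.
                req.Headers.TryAddWithoutValidation("Content-Type", "application/json");

                using (var response = await client.SendAsync(req))
                {
                    var content = await response.Content.ReadAsStringAsync();

                    // An error response (e.g. 403) carries an "error" object and no "value"
                    // array; surface the status and body instead of failing on a null array.
                    if (!response.IsSuccessStatusCode)
                    {
                        throw new HttpRequestException(string.Format(
                            "Graph request failed with status {0} ({1}): {2}",
                            (int)response.StatusCode, response.ReasonPhrase, content));
                    }

                    var users = JObject.Parse(content)["value"];
                    if (users == null)
                    {
                        continue;
                    }

                    foreach (var item in users)
                    {
                        var upn = item["userPrincipalName"];
                        if (upn != null)
                        {
                            emails.Add(upn.ToString());
                        }
                    }
                }
            }
        }
    }
    return emails;
}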
我还检查了缓存的内容,并将其与传递给
AcquireTokenSilentAsync()的参数进行了比较
所有内容似乎都匹配。我找到的唯一解决方案是创建一个新的Azure应用程序,其权限与另一个完全相同,并将我的应用程序指向新的客户端ID和客户端机密。我不知道这为什么有效,但它确实有效,我现在可以查询Microsoft Graph了。我希望这对将来有帮助。我真的很难找到解决这个问题的办法。有人有什么解决办法吗?