C# daemon using MSAL to MSGraph
I am getting the error AADSTS70002: Error validating credentials. AADSTS50012: Client assertion audience claim does not match Realm issuer when running this code:
string[] scopes = new string[]{"https://graph.microsoft.com/.default"};
var certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
var cert = certStore.Certificates.Cast<X509Certificate2>().First(c => c.Thumbprint == "XXX-XXX etc");
var cas = new ClientAssertionCertificate(cert);
var cc = new Microsoft.Identity.Client.ClientCredential(cas);
var client = new Microsoft.Identity.Client.ConfidentialClientApplication("XX-XXX etc", "http://localhost", cc, new TokenCache(), new TokenCache() );
var authResult = await client.AcquireTokenForClientAsync(scopes);
var dap = new DelegateAuthenticationProvider(rm =>
{
rm.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("bearer", authResult.AccessToken);
return Task.FromResult(0);
});
var gClient = new GraphServiceClient(dap);
gClient.Me.Dump();
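The error occurs when calling the AcquireTokenForClientAsync() method.
I can't find any online documentation for MSAL and daemon clients, where user authentication is not possible.
Any suggestions?

Found the problem. I needed to use the second overload of the ConfidentialClientApplication constructor and provide the authority like this: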
string authorityFormat = "https://login.microsoftonline.com/{0}/v2.0";
string tennantId = "xxx-xx-xx";
Then
var client = new Microsoft.Identity.Client.ConfidentialClientApplication("xxx-x-xx etc", string.Format(authorityFormat, tennantId), "http://localhost", cc, new TokenCache(), new TokenCache());
The code pointed me in the right direction.
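The AADSTS50012 message refers to the aud claim of the signed client assertion. As an added example (not part of the original post), this diagnostic decodes an assertion's payload and reports which tenant segment its audience names. It assumes the audience is derived from the authority's token endpoint, so an authority without a tenant ID produces an alias such as common; the sample assertions, the placeholder app ID and the all-zero tenant GUID are constructed.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class AssertionAudienceCheck
{
    // Tenant-independent authority aliases; an app-only (daemon) request needs a real tenant.
    static readonly string[] Aliases = { "common", "organizations", "consumers" };

    static string Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');   // restore stripped padding
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string Base64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // First path segment of the audience URL: the tenant the assertion is addressed to.
    public static string AudienceTenant(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        using JsonDocument payload = JsonDocument.Parse(Base64UrlDecode(parts[1]));
        string aud = payload.RootElement.GetProperty("aud").GetString();
        return new Uri(aud).AbsolutePath.Trim('/').Split('/')[0];
    }

    public static bool IsTenantSpecific(string jwt) =>
        !Aliases.Contains(AudienceTenant(jwt), StringComparer.OrdinalIgnoreCase);

    // Constructed, unsigned sample; only the payload is inspected, the signature is never verified.
    static string SampleAssertion(string aud) =>
        Base64UrlEncode("{\"alg\":\"RS256\"}") + "." +
        Base64UrlEncode("{\"aud\":\"" + aud + "\",\"iss\":\"app-id-placeholder\"}") + ".sig";

    static void Main()
    {
        string[] audiences = {
            "https://login.microsoftonline.com/common/oauth2/v2.0/token",
            "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token",
        };
        foreach (string aud in audiences)
        {
            string jwt = SampleAssertion(aud);
            Console.WriteLine($"{AudienceTenant(jwt),-40} tenant-specific: {IsTenantSpecific(jwt)}");
        }
    }
}
```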