应用程序使用Azure AD令牌访问SharePoint Online
如何获取应用程序令牌以使用Azure AD使用应用程序凭据(=无用户模拟)查询SharePoint 下面的代码非常适合作为用户查询数据,但是我们需要在不进行模拟的情况下获取信息,比如列出集合中的所有站点,而不管用户权限如何等等 引发异常: 类型的例外 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' 在mscorlib.dll中发生,但未在用户代码中处理 附加信息:AADSTS70001:标识符为“xxx”的应用程序 在sharepoint.com目录中找不到 获取令牌的代码:应用程序使用Azure AD令牌访问SharePoint Online,sharepoint,azure-active-directory,adal,Sharepoint,Azure Active Directory,Adal,如何获取应用程序令牌以使用Azure AD使用应用程序凭据(=无用户模拟)查询SharePoint 下面的代码非常适合作为用户查询数据,但是我们需要在不进行模拟的情况下获取信息,比如列出集合中的所有站点,而不管用户权限如何等等 引发异常: 类型的例外 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException' 在mscorlib.dll中发生,但未在用户代码中处理 附加信息:AADSTS70001:标识符为“xxx
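/// <summary>
/// Acquires an Azure AD access token for the SharePoint Online host that <paramref name="url"/> belongs to,
/// either app-only (client credentials) or on behalf of a user (user assertion).
/// </summary>
/// <param name="url">Any URL inside the target SharePoint tenant; only its scheme and host are used as the resource.</param>
/// <param name="userAccessTokenForImpersonation">
/// A user's bearer token to exchange via <see cref="UserAssertion"/>. Null or empty selects the app-only path.
/// </param>
/// <param name="authority">
/// Azure AD authority to request the token from. Defaults to the "common" endpoint, which cannot serve the
/// app-only (client credential) request and is answered with AADSTS70001 ("application not found in the
/// sharepoint.com directory"); pass the tenant-specific authority of the tenant where the app is registered
/// (for example https://login.windows.net/&lt;tenant&gt;) for app-only tokens.
/// </param>
/// <returns>The raw access token string to place in the Authorization: Bearer header.</returns>
/// <exception cref="ArgumentNullException"><paramref name="url"/> is null (thrown by <see cref="Uri"/>).</exception>
/// <exception cref="UriFormatException"><paramref name="url"/> is not a well-formed absolute URL.</exception>
/// <exception cref="Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException">
/// Propagated from ADAL when Azure AD rejects the token request.
/// </exception>
internal static async Task<string> GetSharePointAccessToken(string url, string userAccessTokenForImpersonation, string authority = "https://login.windows.net/common")
{
    // TODO: load both values from configuration / a secret store; a client secret must never be committed to source.
    string clientID = @"<not posted on stack overflow>";
    string clientSecret = @"<not posted on stack overflow>";
    var appCred = new ClientCredential(clientID, clientSecret);
    var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);

    // The resource identifier is the SharePoint host only (e.g. https://xxx.sharepoint.com), not the site path.
    string resource = new Uri(url).GetLeftPart(UriPartial.Authority);

    // User assertion when a user token was supplied (on-behalf-of); otherwise app-only with the client credential.
    AuthenticationResult authResult = string.IsNullOrEmpty(userAccessTokenForImpersonation)
        ? await authContext.AcquireTokenAsync(resource, appCred)
        : await authContext.AcquireTokenAsync(resource, appCred, new UserAssertion(userAccessTokenForImpersonation));

    return authResult.AccessToken;
}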
// Site inside the tenant we want a token for; only its host matters to the token request.
var sharePointUrl = @"https://xxx.sharepoint.com/sites/testsite/";

// Bearer token issued by App Service authentication (https://xxx.azurewebsites.net/.auth/me); placeholder here.
var authHeader = @"<valid jwt bearer token from azure auth>";

// App-only (client credential) request: rejected with AADSTS70001 when the helper uses the "common" authority.
string sharePrincipalToken = await GetSharePointAccessToken(sharePointUrl, null); // <-- doesn't work

// On-behalf-of request carrying the user's token: succeeds.
string sharePointUserToken = await GetSharePointAccessToken(sharePointUrl, authHeader); // <-- works
内部静态异步任务GetSharePointAccessToken(字符串url,字符串userAccessTokenForImpersonation)
{
字符串clientID=@“”;
字符串clientSecret=@“”;
var appCred=新的ClientCredential(clientID,clientSecret);
var authContext=新的Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(“https://login.windows.net/common");
//如果提供,则使用用户资产,否则使用主体账户
AuthenticationResult authResult=null;
if(string.IsNullOrEmpty(userAccessTokenForImpersonation))
{
authResult=await-authContext.AcquireTokenAsync(新Uri(url).GetLeftPart(Uriplate.Authority),appCred);
}
其他的
{
authResult=await-authContext.AcquireTokenAsync(新Uri(url).GetLeftPart(Uriplate.Authority),appCred,new-UserAssertion(userAccessTokenForImpersonation));
}
返回authResult.AccessToken;
}
测试代码:
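/// <summary>
/// Acquires an Azure AD access token for the SharePoint Online host that <paramref name="url"/> belongs to,
/// either app-only (client credentials) or on behalf of a user (user assertion).
/// </summary>
/// <param name="url">Any URL inside the target SharePoint tenant; only its scheme and host are used as the resource.</param>
/// <param name="userAccessTokenForImpersonation">
/// A user's bearer token to exchange via <see cref="UserAssertion"/>. Null or empty selects the app-only path.
/// </param>
/// <param name="authority">
/// Azure AD authority to request the token from. Defaults to the "common" endpoint, which cannot serve the
/// app-only (client credential) request and is answered with AADSTS70001 ("application not found in the
/// sharepoint.com directory"); pass the tenant-specific authority of the tenant where the app is registered
/// (for example https://login.windows.net/&lt;tenant&gt;) for app-only tokens.
/// </param>
/// <returns>The raw access token string to place in the Authorization: Bearer header.</returns>
/// <exception cref="ArgumentNullException"><paramref name="url"/> is null (thrown by <see cref="Uri"/>).</exception>
/// <exception cref="UriFormatException"><paramref name="url"/> is not a well-formed absolute URL.</exception>
/// <exception cref="Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException">
/// Propagated from ADAL when Azure AD rejects the token request.
/// </exception>
internal static async Task<string> GetSharePointAccessToken(string url, string userAccessTokenForImpersonation, string authority = "https://login.windows.net/common")
{
    // TODO: load both values from configuration / a secret store; a client secret must never be committed to source.
    string clientID = @"<not posted on stack overflow>";
    string clientSecret = @"<not posted on stack overflow>";
    var appCred = new ClientCredential(clientID, clientSecret);
    var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);

    // The resource identifier is the SharePoint host only (e.g. https://xxx.sharepoint.com), not the site path.
    string resource = new Uri(url).GetLeftPart(UriPartial.Authority);

    // User assertion when a user token was supplied (on-behalf-of); otherwise app-only with the client credential.
    AuthenticationResult authResult = string.IsNullOrEmpty(userAccessTokenForImpersonation)
        ? await authContext.AcquireTokenAsync(resource, appCred)
        : await authContext.AcquireTokenAsync(resource, appCred, new UserAssertion(userAccessTokenForImpersonation));

    return authResult.AccessToken;
}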
// Site inside the tenant we want a token for; only its host matters to the token request.
var sharePointUrl = @"https://xxx.sharepoint.com/sites/testsite/";

// Bearer token issued by App Service authentication (https://xxx.azurewebsites.net/.auth/me); placeholder here.
var authHeader = @"<valid jwt bearer token from azure auth>";

// App-only (client credential) request: rejected with AADSTS70001 when the helper uses the "common" authority.
string sharePrincipalToken = await GetSharePointAccessToken(sharePointUrl, null); // <-- doesn't work

// On-behalf-of request carrying the user's token: succeeds.
string sharePointUserToken = await GetSharePointAccessToken(sharePointUrl, authHeader); // <-- works
//来自承载者的身份验证令牌https://xxx.azurewebsites.net/.auth/me
字符串authHeader=@“”;
var sharePointUrl=@”https://xxx.sharepoint.com/sites/testsite/";
string sharePrincipalToken=等待GetSharePointAccessToken(sharePointUrl,null);
// 您收到的错误消息意味着:您正以某个用户的身份登录,并让我们的令牌服务在“sharepoint.com”这一目录上下文中查找您的应用程序并颁发令牌。
这是因为您使用的是“common”(公共)端点。关于这一点可以进一步阅读相关说明。
请改用固定的租户专用端点(即该应用程序注册所在的租户),看看这是否能解决您的问题。
如果您计划让多个租户都能访问此应用程序,请确保已将该应用程序显式设置为多租户,并在尝试服务到服务调用之前,先让来自外部租户的用户登录一次该应用程序。
让我知道这是否有帮助