我试图检索访问令牌,以便我可以存储它,并在稍后将它传递给ExchangeService。 Startup.Auth看起来是这样的:在MVC应用程序中获取访问令牌
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
UseTokenLifetime = false,
/*
* Skipping the Home Realm Discovery Page in Azure AD
* http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
*/
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OpenIdConnectNotification.RedirectToIdentityProvider,
MessageReceived = OpenIdConnectNotification.MessageReceived,
SecurityTokenReceived = OpenIdConnectNotification.SecurityTokenReceived,
SecurityTokenValidated = OpenIdConnectNotification.SecurityTokenValidated,
AuthorizationCodeReceived = OpenIdConnectNotification.AuthorizationCodeReceived,
AuthenticationFailed = OpenIdConnectNotification.AuthenticationFailed
},
});
然后在SecurityTokenValidated我这样做:
public static async Task<Task> SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
var authContext = new AuthenticationContext(aadInstance + "/oauth2/token", false);
var authResult =await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code,
new Uri(aadInstance), new ClientAssertion(clientId, "5a95f1c6be7bf3c61f6392ec84ddd044acef61d9"));
var accessToken = authResult.Result.AccessToken;
context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
return Task.FromResult(0);
}
我没有得到任何错误,但在应用程序挂起在这条线:
var accessToken = authResult.Result.AccessToken;
ClientAssertion是使用我在IIS中安装的SSL证书的指纹构建的,不确定证书是否是错误的类型...
更新: 我更新了SecurityTokenValidated以反映Saca的评论,但我得到一个“AADSTS50027:无效的JWT令牌。令牌格式无效“错误这样 我也试过这样的代码:
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
var authContext = new AuthenticationContext(aadInstance, false);
var cert = new X509Certificate2("...", "...");
var cacert = new ClientAssertionCertificate(clientId, cert);
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(aadInstance), cacert);
var accessToken = authResult.AccessToken;
context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
return Task.FromResult(0);
但这样一来,我得到” AADSTS70002:错误验证凭据。 AADSTS50012:客户端断言包含无效签名“
这固定了挂件,但我仍然没有access_token。该应用程序加载,然后当我试图访问令牌的声明不存在... –
嗯...我认为铬缓存了一些东西,因为我试图在IE中测试,我得到了一个不好的请求,这解释了缺少令牌。现在的问题是如何找出我的要求有什么不好? :( –