2016-07-12 48 views
2

Getting an access token in an MVC application

I'm trying to retrieve the access token so that I can store it and later pass it to ExchangeService. Startup.Auth looks like this:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        UseTokenLifetime = false,
        /*
         * Skipping the Home Realm Discovery Page in Azure AD
         * http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
         */
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            RedirectToIdentityProvider = OpenIdConnectNotification.RedirectToIdentityProvider,
            MessageReceived = OpenIdConnectNotification.MessageReceived,
            SecurityTokenReceived = OpenIdConnectNotification.SecurityTokenReceived,
            SecurityTokenValidated = OpenIdConnectNotification.SecurityTokenValidated,
            AuthorizationCodeReceived = OpenIdConnectNotification.AuthorizationCodeReceived,
            AuthenticationFailed = OpenIdConnectNotification.AuthenticationFailed
        },
    });

Then in SecurityTokenValidated I do this:

public static async Task<Task> SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
    string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    var authContext = new AuthenticationContext(aadInstance + "/oauth2/token", false);
    // Redeem the authorization code with a client assertion built from the certificate thumbprint
    var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code,
        new Uri(aadInstance), new ClientAssertion(clientId, "5a95f1c6be7bf3c61f6392ec84ddd044acef61d9"));
    // Blocks on the already-awaited result (this is the line that hangs, see below)
    var accessToken = authResult.Result.AccessToken;
    context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
    return Task.FromResult(0);
}

I don't get any errors, but the application hangs on this line:

var accessToken = authResult.Result.AccessToken; 

The ClientAssertion is built using the thumbprint of the SSL certificate I installed in IIS; I'm not sure whether the certificate is the wrong type...

Update: I updated SecurityTokenValidated to reflect Saca's comment, but I get an "AADSTS50027: Invalid JWT token. Token format is invalid" error. I also tried code like this:

string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
var authContext = new AuthenticationContext(aadInstance, false);
// Load the certificate (path and password elided) and use it to sign the client assertion
var cert = new X509Certificate2("...", "...");
var cacert = new ClientAssertionCertificate(clientId, cert);
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(aadInstance), cacert);
var accessToken = authResult.AccessToken;
context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
return Task.FromResult(0);

But this way I get "AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature".

Answers

1

I managed to get the access token like this:

// Returns Task rather than Task<Task>; nothing needs to be returned from an async notification handler
public static async Task SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
    string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
    string source = ConfigurationManager.AppSettings["ExchangeOnlineId"];

    var authContext = new AuthenticationContext(aadInstance, false);
    var credentials = new ClientCredential(clientId, clientSecret);
    // Redirect URI must be the one the authorization request was made with: the app's own root URL
    var appRedirectUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + "/";
    var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(appRedirectUrl), credentials, source);
    var accessToken = authResult.AccessToken;
    // Attach the access token as a claim on a copy of the signed-in identity
    var applicationUserIdentity = new ClaimsIdentity(context.OwinContext.Authentication.User.Identity);
    applicationUserIdentity.AddClaim(new Claim("AccessToken", accessToken));
    context.OwinContext.Authentication.User.AddIdentity(applicationUserIdentity);
}

At first I wanted to use a ClientAssertion so that I didn't have to expose the client secret, but it was too much work managing certificates...
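The accepted answer copies the access token into a claim on the cookie identity. That works, but the token then rides in the browser cookie and goes stale when it expires (typically after about an hour), with no refresh token to renew it. The example below is added here and is not the original poster's code: it redeems the code in the AuthorizationCodeReceived notification instead, lets ADAL keep access and refresh tokens in a per-user TokenCache on the server, and exposes a helper that returns a current token for ExchangeService whenever one is needed. It assumes ADAL v3 (Microsoft.IdentityModel.Clients.ActiveDirectory), the OWIN OpenID Connect middleware from the question, the same appSettings keys, and an in-memory cache dictionary that a real deployment would replace with persisted storage. Two caveats it encodes: the redirect URI handed to AcquireTokenByAuthorizationCodeAsync must be the one the authorization request was issued with (the app's reply URL, not the authority, as in the question's first attempts), and a client secret or certificate is only ever used server-side, never placed in the ticket.

```csharp
using System;
using System.Collections.Concurrent;
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.Notifications;

namespace MvcExchangeSample // hypothetical namespace for this example
{
    public static class AdalTokenHelper
    {
        // Same appSettings keys as the question; values are assumed to be configured.
        private static readonly string Authority = ConfigurationManager.AppSettings["ida:AADInstance"];
        private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static readonly string ClientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
        private static readonly string ExchangeResource = ConfigurationManager.AppSettings["ExchangeOnlineId"];

        // Claim type under which the OWIN middleware surfaces the id_token's "oid" claim.
        private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

        // One ADAL cache per signed-in user, held in memory for the example (assumption:
        // production code persists TokenCache.Serialize() output server-side and evicts on sign-out).
        private static readonly ConcurrentDictionary<string, TokenCache> Caches =
            new ConcurrentDictionary<string, TokenCache>(StringComparer.Ordinal);

        private static TokenCache CacheFor(string objectId) =>
            Caches.GetOrAdd(objectId, _ => new TokenCache());

        // Wire this as Notifications.AuthorizationCodeReceived in Startup.Auth.
        public static async Task AuthorizationCodeReceived(AuthorizationCodeReceivedNotification context)
        {
            string objectId = context.AuthenticationTicket.Identity.FindFirst(ObjectIdClaim)?.Value;
            if (string.IsNullOrEmpty(objectId))
                throw new InvalidOperationException("id_token carries no object identifier claim.");

            // Must match the redirect_uri of the authorization request (the app's reply URL).
            var redirectUri = new Uri(context.Request.Scheme + "://" + context.Request.Host +
                                      context.Request.PathBase + "/");

            var authContext = new AuthenticationContext(Authority, false, CacheFor(objectId));
            var credential = new ClientCredential(ClientId, ClientSecret);

            // Redeem the code once; ADAL stores the access and refresh tokens in this user's cache.
            // Nothing is copied into the cookie, so the tokens never leave the server.
            await authContext.AcquireTokenByAuthorizationCodeAsync(
                context.Code, redirectUri, credential, ExchangeResource);
        }

        // Call this when building the ExchangeService. ADAL returns the cached access token
        // while it is valid and uses the cached refresh token to obtain a new one otherwise.
        // Returns null when the user must sign in again (no cache entry, or refresh rejected).
        public static async Task<string> GetExchangeAccessTokenAsync(ClaimsPrincipal user)
        {
            string objectId = user.FindFirst(ObjectIdClaim)?.Value;
            if (string.IsNullOrEmpty(objectId))
                return null;

            var authContext = new AuthenticationContext(Authority, false, CacheFor(objectId));
            var credential = new ClientCredential(ClientId, ClientSecret);
            try
            {
                var result = await authContext.AcquireTokenSilentAsync(
                    ExchangeResource, credential,
                    new UserIdentifier(objectId, UserIdentifierType.UniqueId));
                return result.AccessToken;
            }
            catch (AdalSilentTokenAcquisitionException)
            {
                // No usable token: the caller should issue a new OpenID Connect challenge.
                return null;
            }
        }
    }
}
```

In a controller, `await AdalTokenHelper.GetExchangeAccessTokenAsync(User as ClaimsPrincipal)` yields the token to put in the ExchangeService's OAuthCredentials; a null result means redirect to sign-in rather than failing the Exchange call. If you later move from the secret to a certificate, swap `ClientCredential` for `ClientAssertionCertificate(ClientId, cert)` and register that certificate's public key on the app in Azure AD; an AADSTS50012 "invalid signature" response, as seen in the question, is what AAD returns when the assertion was signed with a key it does not have registered for the client.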

3

The application hangs because you are blocking the async task by accessing authResult.Result.

You should change it to:

public static async Task SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
    string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    var authContext = new AuthenticationContext(aadInstance + "/oauth2/token", false);
    var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code,
        new Uri(aadInstance), new ClientAssertion(clientId, "5a95f1c6be7bf3c61f6392ec84ddd044acef61d9"));
    var accessToken = authResult.AccessToken;
    context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
}
+0

That fixed the hang, but I still don't get the access_token. The app loads, and then when I try to access the token the claim isn't there...

+0

Hmm... I think Chrome cached something, because when I tried testing in IE I got a bad request, which explains the missing token. Now the question is how to find out what is wrong with my request? :(
