如何使用Azure AD获取应用程序令牌以查询具有应用程序凭据(=无用户模拟)的SharePoint?使用Azure AD令牌应用程序访问SharePoint Online
下面的代码完全适用于查询数据的用户,但我们需要不带模拟像列出集合中的所有网站,不考虑用户权限等
抛出异常获取信息:
的 “Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException” 发生在mscorlib.dll中,但未在用户代码中处理
附加信息:AADS TS70001:与标识符 'XXX' 应用目录sharepoint.com未找到
代码来获得令牌:
internal static async Task<string> GetSharePointAccessToken(string url, string userAccessTokenForImpersonation)
{
string clientID = @"<not posted on stack overflow>";
string clientSecret = @"<not posted on stack overflow>";
var appCred = new ClientCredential(clientID, clientSecret);
var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.windows.net/common");
// Use user assetion if provided, otherwise use principal account
AuthenticationResult authResult = null;
if (string.IsNullOrEmpty(userAccessTokenForImpersonation))
{
authResult = await authContext.AcquireTokenAsync(new Uri(url).GetLeftPart(UriPartial.Authority), appCred);
}
else
{
authResult = await authContext.AcquireTokenAsync(new Uri(url).GetLeftPart(UriPartial.Authority), appCred, new UserAssertion(userAccessTokenForImpersonation));
}
return authResult.AccessToken;
}
测试代码:
// Auth token from Bearer https://xxx.azurewebsites.net/.auth/me
string authHeader = @"<valid jwt bearer token from azure auth>";
var sharePointUrl = @"https://xxx.sharepoint.com/sites/testsite/";
string sharePrincipalToken = await GetSharePointAccessToken(sharePointUrl, null); // <-- doesn't work
string sharePointUserToken = await GetSharePointAccessToken(sharePointUrl, authHeader); // <-- works
Azure AD权限: