我正在使用Azure ADAL库对用户进行身份验证的ASP.NET MVC5 Web App上工作正常,但是,当我手动向图发送请求时,例如:GET https://graph.microsoft.com/v1.0/me或GET https://graph.microsoft.com/v1.0/groups?$ filter = from/displayName eq'whatever'。获取Microsoft Graph API的有效访问令牌
我尝试更新Azure中的应用注册以添加所需的图形权限,并且我也尝试创建新的应用注册,无论我做什么我的请求将始终回应401未授权,是否有任何我缺少的?
编辑:从邮差示例响应
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "a142576b-acce-4e59-8a8d-adede61aaf59",
"date": "2017-04-05T13:27:36"
}
}
}
编辑:C#请求示例
public async Task<GroupGraph> GetGroupIdByDisplayName(string displayName)
{
var accessToken = await authenticationService.GetTokenUserOnly();
GroupGraph groupGraphResponse = null;
using (var client = new HttpClient())
{
using (var request = new HttpRequestMessage(HttpMethod.Get, $"https://graph.microsoft.com/v1.0/groups?$filter=from/displayName eq '{displayName}'"))
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using (var response = client.SendAsync(request).Result)
{
if (response.IsSuccessStatusCode)
{
using (var content = response.Content)
{
var result = await content.ReadAsStringAsync();
groupGraphResponse = JsonConvert.DeserializeObject<GroupGraph>(result);
}
}
}
}
}
return groupGraphResponse;
}
编辑:我得到令牌
public async Task<string> GetTokenUserOnly()
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc)
ClientCredential clientcred = new ClientCredential(clientId, appKey);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance + tenantID, new TableTokenCache(signedInUserID));
//AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(graphResourceID, clientcred, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(graphResourceID, clientcred);
return authenticationResult.AccessToken;
}
您能否描述一下当我手动将请求发送给图表时,你的意思?您是否通过邮递员或提琴手等工具发送请求?您是否在请求中包含了“授权”标头? –
是的,我在我的请求中包含授权标头,我尝试使用邮递员和C#发送我的请求。 – LunielleDev
请更新您的问题并添加代码。你也应该看到关于401错误的细节。请将它们包含在您的问题中。 –