我正在使用Azure ADAL庫對用戶進行身份驗證的ASP.NET MVC5 Web App上工作正常,但是,當我手動向圖發送請求時,例如:GET https://graph.microsoft.com/v1.0/me或GET https://graph.microsoft.com/v1.0/groups?$ filter = from/displayName eq'whatever'。獲取Microsoft Graph API的有效訪問令牌
我嘗試更新Azure中的應用註冊以添加所需的圖形權限,並且我也嘗試創建新的應用註冊,無論我做什麼我的請求將始終迴應401未授權,是否有任何我缺少的?
編輯:從郵差示例響應
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "a142576b-acce-4e59-8a8d-adede61aaf59",
"date": "2017-04-05T13:27:36"
}
}
}
編輯:C#請求示例
public async Task<GroupGraph> GetGroupIdByDisplayName(string displayName)
{
var accessToken = await authenticationService.GetTokenUserOnly();
GroupGraph groupGraphResponse = null;
using (var client = new HttpClient())
{
using (var request = new HttpRequestMessage(HttpMethod.Get, $"https://graph.microsoft.com/v1.0/groups?$filter=from/displayName eq '{displayName}'"))
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using (var response = client.SendAsync(request).Result)
{
if (response.IsSuccessStatusCode)
{
using (var content = response.Content)
{
var result = await content.ReadAsStringAsync();
groupGraphResponse = JsonConvert.DeserializeObject<GroupGraph>(result);
}
}
}
}
}
return groupGraphResponse;
}
編輯:我得到令牌
public async Task<string> GetTokenUserOnly()
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc)
ClientCredential clientcred = new ClientCredential(clientId, appKey);
// initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance + tenantID, new TableTokenCache(signedInUserID));
//AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(graphResourceID, clientcred, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(graphResourceID, clientcred);
return authenticationResult.AccessToken;
}
您能否描述一下當我手動將請求發送給圖表時,你的意思?您是否通過郵遞員或提琴手等工具發送請求?您是否在請求中包含了「授權」標頭? –
是的,我在我的請求中包含授權標頭,我嘗試使用郵遞員和C#發送我的請求。 – LunielleDev
請更新您的問題並添加代碼。你也應該看到關於401錯誤的細節。請將它們包含在您的問題中。 –