2017-06-20 53 views
1

我試圖驗證Microsoft AD Graph API與ADAL並在發佈到Azure時出現以下異常:嘗試在Azure發佈上驗證圖形客戶端的異常:「無法無聲獲取令牌。」調用方法AcquireToken「

「無法默默獲得令牌。調用方法AcquireToken」

,當我在本地運行,它工作正常。

 public GraphServiceClient GetAuthGraphClient() 
     { 

     string graphResourceID = "https://graph.microsoft.com/"; 

     return new GraphServiceClient(
      new DelegateAuthenticationProvider(async (requestMessage) => 
      { 
       string accessToken = await GetTokenForApplication(graphResourceID); 
       requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken); 
      } 
      )); 

     } 
     public async Task<string> GetTokenForApplication(string graphResourceID) 
     { 
     string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; 
     string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; 
     string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; 

     try { 
      // get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc) 
      ClientCredential clientcred = new ClientCredential(clientId, appKey); 
      // initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database 
      AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance + tenantID, new ADALTokenCache(signedInUserID)); 
      AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(graphResourceID, clientcred, UserIdentifier.AnyUser); 
      return authenticationResult.AccessToken; 
     } 
     catch (Exception e) 
     { 
       // Capture error for handling outside of catch block 
       ErrorMessage = e.Message; 

      return null; 
     } 

    } 

更新 每@Fei薛我已經更新了我的代碼以下:

public string GetTokenForApplication(string graphResourceID) 
    { 
    string signedInUserID = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value; 
    string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; 
    string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value; 
    string authority = "https://login.microsoftonline.com/" + tenantID; 


    try { 
     // get a token for the Graph without triggering any user interaction (from the cache, via multi-resource refresh token, etc) 
     ClientCredential clientcred = new ClientCredential(clientId, appKey); 
     // initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's database 
     AuthenticationContext authenticationContext = new AuthenticationContext(authority); 
     var token = authenticationContext.AcquireTokenAsync(graphResourceID, clientcred).Result.AccessToken; 
     return token; 
    } 
    catch (Exception e) 
    { 
     ErrorMessage = e.Message; 
     return null; 
    } 

    } 
    public GraphServiceClient GetAuthGraphClient() 
    { 
    string graphResourceID = "https://graph.microsoft.com/"; 

    return new GraphServiceClient(
     new DelegateAuthenticationProvider((requestMessage) => 
     { 
      string accessToken = GetTokenForApplication(graphResourceID); 
      requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken); 
      return Task.FromResult(0); 
     } 
     )); 
    } 

以下是輸出,所以我認爲這是返回令牌成功現在:

iisexpress.exe Information: 0 : 6/20/2017 12:23:36 PM: 29c5558f-e33b-4312-b235-612909ac1309 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned: 
    Access Token Hash: <a long access token> 
    Refresh Token Hash: [No Refresh Token] 
    Expiration Time: 6/20/2017 1:23:34 PM +00:00 
    User Hash: null 

但是,現在,我不認爲我正確地獲取用戶配置文件。它是否正確?

public void GetUserProfile(GraphServiceClient graphClient) 
{ 
    this.User = Task.Run(async() => { return await graphClient.Me.Request().GetAsync(); }).Result; 
} 

因爲我的Viewmodel的用戶屬性沒有得到任何數據。

回答

1

AcquireTokenSilentAsync方法嘗試從緩存獲取令牌或使用刷新令牌刷新訪問令牌。

如果您正在開發服務,則可以考慮使用client credentials flow對Azure AD進行身份驗證。以下是供您參考的代碼:

string authority = "https://login.microsoftonline.com/{tenant}"; 

string clientId = ""; 
string secret = ""; 
string resource = "https://graph.microsoft.com/"; 

var credential = new ClientCredential(clientId, secret); 
AuthenticationContext authContext = new AuthenticationContext(authority); 

var token = authContext.AcquireTokenAsync(resource, credential).Result.AccessToken; 

此外,請確保您已配置足夠的權限以調用相應的Microsoft Graph REST。您可以參考下面的鏈接瞭解詳細的許可:

Microsoft Graph permissions reference

+0

謝謝薛飛!我更新了上面的帖子,以顯示將我的代碼更新爲您的建議後會發生的情況。它看起來像是現在成功獲取訪問令牌。我也有足夠的權限來調用Graph REST。 –

+0

@ProperNouns如果依賴有助於解決問題,請接受它作爲答案,以便其他具有相同問題的社區可以輕鬆識別解決方案。 –

+0

薛,我已經標記爲正確的答案。請參閱我上面的更新。我是否正確地調用用戶配置文件?我應該問另一個問題嗎? –

相關問題