2016-12-13 70 views
0

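How do I refresh the authentication token for Microsoft Graph using the Microsoft Graph .NET Client Library, or otherwise, using C#? Refresh auth token for MS Graph with C#

What I am currently doing is keeping the token in a static class: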

public class TokenKeeper
{
    // Static field: a single value shared by the whole process.
    public static string token = null;

    // Returns the stored token, or throws if none has been stored yet.
    public static string AcquireToken()
    {
        if (string.IsNullOrEmpty(token))
        {
            throw new Exception("Authorization Required.");
        }
        return token;
    }

    public static void Clear()
    {
        token = null;
    }
}

I fill in the token in the Startup class:

public partial class Startup
{
    private static string AppKey = CloudConfigurationManager.GetSetting("ida:Password");
    private static string aadInstance = CloudConfigurationManager.GetSetting("ida:AADInstance");
    private static string TenantName = CloudConfigurationManager.GetSetting("ida:Tenant");
    private static string Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, TenantName);
    private static string graphResourceId = CloudConfigurationManager.GetSetting("ida:GraphUrl");
    private BpContext db = new BpContext();

    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        string ClientId = CloudConfigurationManager.GetSetting("ida:ClientID");
        string Authority = "https://login.microsoftonline.com/common/";

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                Authority = Authority,
                Scope = "User.ReadBasic.All",
                //Details omitted
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        // Create a Client Credential Using an Application Key
                        ClientCredential credential = new ClientCredential(ClientId, AppKey);
                        string userObjectID = context.AuthenticationTicket.Identity.FindFirst(
                            "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                        AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
                        // Redeem the authorization code for tokens for the Graph resource
                        AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                            code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);
                        TokenKeeper.token = result.AccessToken;

                        return Task.FromResult(0);
                    }
                    //Details omitted
                }
            });
    }
}

I also clear the token on sign out.

Answers

0

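The AuthenticationResult object contains both the access token and the refresh token. So the refresh token can also be kept in TokenKeeper, similar to the access token. When the access token expires (indicated by AuthenticationResult.ExpiresOn), use the refresh token with the AuthenticationContext.AcquireTokenByRefreshToken method to get a new access token.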

If you don't want to track refresh tokens explicitly, see ADAL Cache to learn how the ADAL library can do it for you.

+0

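AcquireTokenByRefreshToken, along with AcquireSilentAccessToken, does not work. I got two exceptions. In the first case, the exception says the user is unknown (the access token and refresh token are now cached and correct, I verified it), while the latter just throws AdalAuthenticationReqiredException.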

0

You can refresh the access token by providing the RefreshToken that you received along with the AccessToken. Since you have the ID/Secret in your code, you can use them to provide the ClientCredential. A code example follows:

var authContext = new AuthenticationContext("https://login.microsoftonline.com/common");
var result = authContext.AcquireTokenByRefreshToken(refreshToken, new ClientCredential(ClientId, AppKey));

+0

I tried that, and I get a ServiceException from MS Graph saying the user is unknown.
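
The refresh flow described in the answers above, as an added example that is not part of the original thread or of ADAL: a token store keyed by user object ID, so that a token is only ever returned to the user it was issued for (a process-wide static field cannot guarantee that in a web application), which refreshes shortly before ExpiresOn. `TokenEntry`, `PerUserTokenStore` and the `refresh` delegate are hypothetical names; the delegate is assumed to wrap the AcquireTokenByRefreshToken call quoted in the answers.

```csharp
using System;
using System.Collections.Concurrent;

// Added example; TokenEntry, PerUserTokenStore and the refresh delegate are hypothetical names.
public sealed class TokenEntry
{
    public string AccessToken, RefreshToken;
    public DateTimeOffset ExpiresOn;
}

public sealed class PerUserTokenStore
{
    private static readonly TimeSpan Skew = TimeSpan.FromMinutes(5); // refresh slightly early
    private readonly ConcurrentDictionary<string, TokenEntry> _byUser =
        new ConcurrentDictionary<string, TokenEntry>();
    private readonly Func<string, TokenEntry> _refresh;

    // refresh: takes a refresh token and returns a new entry. Assumption: in the setup on
    // this page it would wrap the AcquireTokenByRefreshToken call quoted in the answers.
    public PerUserTokenStore(Func<string, TokenEntry> refresh) { _refresh = refresh; }

    public void Save(string userObjectId, TokenEntry entry) { _byUser[userObjectId] = entry; }

    public void Clear(string userObjectId) { TokenEntry gone; _byUser.TryRemove(userObjectId, out gone); }

    public string AcquireToken(string userObjectId, DateTimeOffset now)
    {
        TokenEntry entry;
        if (!_byUser.TryGetValue(userObjectId, out entry))
            throw new UnauthorizedAccessException("Authorization Required.");
        if (entry.ExpiresOn - Skew > now) return entry.AccessToken;
        if (string.IsNullOrEmpty(entry.RefreshToken))
        {
            Clear(userObjectId); // nothing to refresh with: force a new sign-in
            throw new UnauthorizedAccessException("Authorization Required.");
        }
        TokenEntry fresh = _refresh(entry.RefreshToken);
        // Keep the old refresh token if the response did not carry a new one.
        if (string.IsNullOrEmpty(fresh.RefreshToken)) fresh.RefreshToken = entry.RefreshToken;
        _byUser[userObjectId] = fresh;
        return fresh.AccessToken;
    }
}
```

The key passed to Save, AcquireToken and Clear is the same object identifier claim the question's Startup code already reads as userObjectID; Clear is the per-user counterpart of clearing the token on sign out.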