ADAL Persistent TokenCache in UWP Application

I'm doing simple AAD authentication in a new Windows 10 UWP application. It works great, except that I don't want users to have to enter their credentials every time they launch the app. As I understand it, the default shared TokenCache should take care of this automatically, but the first time I call AcquireTokenAsync after the app starts, the authentication dialog pops up.

Interestingly, I can call TokenCache.ReadItems() and my TokenCacheItem is there.

My ADAL trace is below. As you can see, the token is deserialized, but ADAL doesn't think it matches the current user. Thanks!

2016-02-27 18:30:56:8139    Type: Informational Id: 2   Message: '2/28/2016 12:30:56 AM:  - TokenCache.cs: Deserialized 1 items to token cache.'
2016-02-27 18:30:56:8199    Type: Informational Id: 2   Message: '2/28/2016 12:30:56 AM:  - AuthenticationContext.cs: ADAL WinRT with assembly version '2.21.0.0', file version '2.21.30122.1612' and informational version '99c728ed4636738ad0f97ca000a9d88cc5b75cc0' is running...'
2016-02-27 18:30:56:8364    Type: Informational Id: 2   Message: '2/28/2016 12:30:56 AM: 12cc879d-1196-43ef-9e03-389a69dd4432 - AcquireTokenHandlerBase.cs: === Token Acquisition started:
    Authority: https://login.windows.net/common/
    Resource: https://management.core.windows.net/
    ClientId: 486c0900-9582-4672-92af-37013e31958d
    CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (1 items)
    Authentication Target: User
    '
2016-02-27 18:30:56:8569    Type: Informational Id: 2   Message: '2/28/2016 12:30:56 AM:  - TokenCache.cs: Deserialized 1 items to token cache.'
2016-02-27 18:30:56:8589    Type: Verbose   Id: 1   Message: '2/28/2016 12:30:56 AM: 12cc879d-1196-43ef-9e03-389a69dd4432 - TokenCache.cs: Looking up cache for a token...'
2016-02-27 18:30:56:8679    Type: Informational Id: 2   Message: '2/28/2016 12:30:56 AM: 12cc879d-1196-43ef-9e03-389a69dd4432 - TokenCache.cs: No matching token was found in the cache'
2016-02-27 18:30:56:8989    Type: Informational Id: 2   Message: '2/28/2016 12:30:56 AM: 12cc879d-1196-43ef-9e03-389a69dd4432 - AcquireTokenInteractiveHandler.cs: Cannot access user information to determine whether it is a local user or not due to machine's privacy setting.'

UPDATE: Thanks to the link Kanishk provided, I was able to solve this. I strongly recommend reading the full post, but here is what I ended up doing:

using System.Linq;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Start on the common endpoint so the shared persistent cache can be read.
_authenticationContext = new AuthenticationContext("https://login.windows.net/common");

// If a token was cached earlier, switch to that user's tenant-specific authority;
// a token issued by a tenant is not matched when the lookup runs against /common.
var tokenCacheItem = _authenticationContext.TokenCache.ReadItems().FirstOrDefault();
if (tokenCacheItem != null)
{
    _authenticationContext = new AuthenticationContext($"https://login.windows.net/{tokenCacheItem.TenantId}");
}

This happens because the authentication context is using "https://login.windows.net/common/" instead of the tenant-specific endpoint. Check out http://www.cloudidentity.com/blog/2014/08/26/the-common-endpoint-walks-like-a-tenant-talks-like-a-tenant-but-is-not-a-tenant/ for details.
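A fuller version of the same approach, added here as an example that is not code from the question or from Kanishk's post. It assumes the ADAL 2.x WinRT API the trace shows (AuthenticationContext, TokenCache.ReadItems, AcquireTokenSilentAsync, AcquireTokenAsync with a redirect URI, AdalSilentTokenAcquisitionException) and uses placeholder values for the client id and redirect URI; it also filters the cache by client id and resource rather than taking the first item, so a cache shared by several resources still resolves the right tenant.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class AadSignIn
{
    // Placeholders (assumed): substitute the app's own registration values.
    const string ClientId = "<your-client-id>";
    const string Resource = "https://management.core.windows.net/";
    static readonly Uri RedirectUri = new Uri("ms-app://<your-package-sid>/");

    // Returns a context on the tenant-specific authority when the persistent
    // cache already holds a token for this client and resource; otherwise the
    // /common authority is kept for the first, interactive sign-in.
    public static AuthenticationContext CreateContext()
    {
        var probe = new AuthenticationContext("https://login.windows.net/common");
        var cached = probe.TokenCache.ReadItems()
            .FirstOrDefault(i => i.ClientId == ClientId && i.Resource == Resource);
        if (cached == null || string.IsNullOrEmpty(cached.TenantId))
            return probe;
        return new AuthenticationContext($"https://login.windows.net/{cached.TenantId}");
    }

    // Cache first, no UI: the refresh token stored in the app's local cache is
    // what lets later launches skip the dialog. The dialog is only shown when
    // the silent path fails (nothing cached, or the refresh token was revoked
    // or has expired), which is the behaviour the question was after.
    public static async Task<AuthenticationResult> SignInAsync()
    {
        var ctx = CreateContext();
        try
        {
            return await ctx.AcquireTokenSilentAsync(Resource, ClientId);
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            return await ctx.AcquireTokenAsync(Resource, ClientId, RedirectUri);
        }
    }
}
```

After the interactive call succeeds, ADAL writes the new item to the same persistent cache, so the next launch takes the silent branch against the tenant-specific authority.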