ADAL v3:如何使用 UserPasswordCredential 进行身份验证?
ADAL v3: How to authenticate using UserPasswordCredential?
ADAL v3 具有 UserPasswordCredential class,但我找不到有效的实现。没有接受 UserPasswordCredential 或 UserCredential 类型的 AcquireToken 重载。在 ADAL v3 中执行用户名和密码流程的正确方法是什么?这段特定的代码使用完整的 .Net 4.5。
如果您是用客户端开发的,可以参考下面的代码获取token:
string authority = "https://login.microsoftonline.com/xxxx.onmicrosoft.com";
string resrouce = "https://graph.windows.net";
string clientId = "";
string userName = "";
string password = "";
UserPasswordCredential userPasswordCredential = new UserPasswordCredential(userName,password);
AuthenticationContext authContext = new AuthenticationContext(authority);
var token= authContext.AcquireTokenAsync(resrouce,clientId, userPasswordCredential).Result.AccessToken;
并且如果您使用 Web 应用程序进行开发(这不是常见的情况),ADAL V3 中没有此类方法来支持这种情况。作为解决方法,您可以自己构建请求。这里有一个例子供您参考:
POST: https://login.microsoftonline.com/xxxxx.onmicrosoft.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}&scope=openid&client_secret={clientSecret}
为了详细说明已接受答案的第二部分,这里是发出 POST 请求的实现:
From SettingHelper: public static string GetAuthorityEndpoint(string azuretenantId) => $"https://login.microsoftonline.com/{azuretenantId}/";
private static async Task<OAuthResult> AuthenticateAsync(string resource = "https://yourAzureADProtectedResource.url/")
{
var oauthEndpoint = new Uri(new Uri(SettingsHelper.GetAuthorityEndpoint("your AAD Tenent ID")), "oauth2/token");
using (var client = new HttpClient())
{
var result = await client.PostAsync(oauthEndpoint, new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("resource", resource),
new KeyValuePair<string, string>("client_id", "your AAD App Id"),
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", "your.user@yourtenent.url"),
new KeyValuePair<string, string>("password", "your password"),
new KeyValuePair<string, string>("scope", "openid"),
new KeyValuePair<string, string>("client_secret", "an access key for your AAD App"),
}));
var content = await result.Content.ReadAsStringAsync();
var authResult = JsonConvert.DeserializeObject<OAuthResult>(content);
return authResult;
}
}
class OAuthResult
{
public string Token_Type { get; set; }
public string Scope { get; set; }
public int Expires_In { get; set; }
public int Ext_Expires_In { get; set; }
public int Expires_On { get; set; }
public int Not_Before { get; set; }
public Uri Resource { get; set; }
public string Access_Token { get; set; }
}
然后您可以像这样继续使用身份验证结果:
private async Task<HttpClient> GetHttpClientWithAzureADAuthentication()
{
OAuthResult authResult;
try
{
authResult = await AuthenticateAsync();
var httpClient = GetHttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {authResult.Access_Token}");
return httpClient;
}
catch (Exception e)
{
Debug.WriteLine(e);
throw;
}
}
ADAL v3 具有 UserPasswordCredential class,但我找不到有效的实现。没有接受 UserPasswordCredential 或 UserCredential 类型的 AcquireToken 重载。在 ADAL v3 中执行用户名和密码流程的正确方法是什么?这段特定的代码使用完整的 .Net 4.5。
如果您是用客户端开发的,可以参考下面的代码获取token:
string authority = "https://login.microsoftonline.com/xxxx.onmicrosoft.com";
string resrouce = "https://graph.windows.net";
string clientId = "";
string userName = "";
string password = "";
UserPasswordCredential userPasswordCredential = new UserPasswordCredential(userName,password);
AuthenticationContext authContext = new AuthenticationContext(authority);
var token= authContext.AcquireTokenAsync(resrouce,clientId, userPasswordCredential).Result.AccessToken;
并且如果您使用 Web 应用程序进行开发(这不是常见的情况),ADAL V3 中没有此类方法来支持这种情况。作为解决方法,您可以自己构建请求。这里有一个例子供您参考:
POST: https://login.microsoftonline.com/xxxxx.onmicrosoft.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}&scope=openid&client_secret={clientSecret}
为了详细说明已接受答案的第二部分,这里是发出 POST 请求的实现:
From SettingHelper: public static string GetAuthorityEndpoint(string azuretenantId) => $"https://login.microsoftonline.com/{azuretenantId}/";
private static async Task<OAuthResult> AuthenticateAsync(string resource = "https://yourAzureADProtectedResource.url/")
{
var oauthEndpoint = new Uri(new Uri(SettingsHelper.GetAuthorityEndpoint("your AAD Tenent ID")), "oauth2/token");
using (var client = new HttpClient())
{
var result = await client.PostAsync(oauthEndpoint, new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("resource", resource),
new KeyValuePair<string, string>("client_id", "your AAD App Id"),
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", "your.user@yourtenent.url"),
new KeyValuePair<string, string>("password", "your password"),
new KeyValuePair<string, string>("scope", "openid"),
new KeyValuePair<string, string>("client_secret", "an access key for your AAD App"),
}));
var content = await result.Content.ReadAsStringAsync();
var authResult = JsonConvert.DeserializeObject<OAuthResult>(content);
return authResult;
}
}
class OAuthResult
{
public string Token_Type { get; set; }
public string Scope { get; set; }
public int Expires_In { get; set; }
public int Ext_Expires_In { get; set; }
public int Expires_On { get; set; }
public int Not_Before { get; set; }
public Uri Resource { get; set; }
public string Access_Token { get; set; }
}
然后您可以像这样继续使用身份验证结果:
private async Task<HttpClient> GetHttpClientWithAzureADAuthentication()
{
OAuthResult authResult;
try
{
authResult = await AuthenticateAsync();
var httpClient = GetHttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {authResult.Access_Token}");
return httpClient;
}
catch (Exception e)
{
Debug.WriteLine(e);
throw;
}
}