如何在不使用对话框的情况下在 Azure Active Directory 中授权?
How to authorize in Azure Active Directory without using dialog?
我的应用程序为所有用户显示了我的 power bi 帐户的仪表板,我通过对话框授权 Azure Active Directory 获取访问令牌。我可以在不使用授权对话框的情况下对我的凭据进行硬编码并获取访问令牌吗?
代码。它有效,但它正在使用授权对话框。
var @params = new NameValueCollection
{
{"response_type", "code"},
{"client_id", Properties.Settings.Default.ClientID},
{"resource", "https://analysis.windows.net/powerbi/api"},
{"redirect_uri", "http://localhost:13526/Redirect"}
};
var queryString = HttpUtility.ParseQueryString(string.Empty);
queryString.Add(@params);
string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
var authUri = String.Format("{0}?{1}", authorityUri, queryString);
Response.Redirect(authUri);
Redirect.aspx
string redirectUri = "http://localhost:13526/Redirect";
string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
string code = Request.Params.GetValues(0)[0];
TokenCache TC = new TokenCache();
AuthenticationContext AC = new AuthenticationContext(authorityUri, TC);
ClientCredential cc = new ClientCredential
(Properties.Settings.Default.ClientID,
Properties.Settings.Default.ClientSecret);
AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc);
Session[_Default.authResultString] = AR;
Response.Redirect("/Default.aspx");
Default.aspx
string responseContent = string.Empty;
System.Net.WebRequest request = System.Net.WebRequest.Create(String.Format("{0}dashboards", baseUri)) as System.Net.HttpWebRequest;
request.Method = "GET";
request.ContentLength = 0;
request.Headers.Add("Authorization", String.Format("Bearer {0}", authResult.AccessToken));
using (var response = request.GetResponse() as System.Net.HttpWebResponse)
{
using (var reader = new System.IO.StreamReader(response.GetResponseStream()))
{
responseContent = reader.ReadToEnd();
PBIDashboards PBIDashboards = JsonConvert.DeserializeObject<PBIDashboards>(responseContent);
}
}
我在没有使用 ADAL 的情况下做过一次。对于 Power BI 也是如此,因为它们不提供应用程序权限,所以只提供委托。
注意:如果用户启用了 MFA、密码已过期等,则此方法将无效。
通常,您会希望使用交互式流程。
您甚至可以有一个引导过程,用户以交互方式登录并存储收到的刷新令牌。
只要该刷新令牌有效,就可以在后台使用它。
您需要用 grant_type=password 调用 AAD 令牌端点。您将在表单参数中指定用户名和密码,以及客户端 ID、客户端密码和资源 URI。
这是我写的函数:
private async Task<string> GetAccessToken()
{
string tokenEndpointUri = Authority + "oauth2/token";
var content = new FormUrlEncodedContent(new []
{
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", Username),
new KeyValuePair<string, string>("password", Password),
new KeyValuePair<string, string>("client_id", ClientId),
new KeyValuePair<string, string>("client_secret", ClientSecret),
new KeyValuePair<string, string>("resource", PowerBiResourceUri)
}
);
using (var client = new HttpClient())
{
HttpResponseMessage res = await client.PostAsync(tokenEndpointUri, content);
string json = await res.Content.ReadAsStringAsync();
AzureAdTokenResponse tokenRes = JsonConvert.DeserializeObject<AzureAdTokenResponse>(json);
return tokenRes.AccessToken;
}
}
这里的权威是https://login.microsoftonline.com/tenant-id/。这是我正在使用的响应 class:
class AzureAdTokenResponse
{
[JsonProperty("access_token")]
public string AccessToken { get; set; }
}
我希望您使用 UserCreadential 提供了 azure 订阅的用户名和密码,您可以获得 AccessToken 并调用您的 api。我希望它能帮助你。
string ResourceUrl="https://analysis.windows.net/powerbi/api";
string ClientId=Properties.Settings.Default.ClientID;//as per your code
AuthenticationContext authenticationContext = new AuthenticationContext(Constants.AuthString, false);
UserCredential csr = new UserCredential("your-username", "password");
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(ResourceUrl,ClientId, usr);
string token = authenticationResult.AccessToken;
我的应用程序为所有用户显示了我的 power bi 帐户的仪表板,我通过对话框授权 Azure Active Directory 获取访问令牌。我可以在不使用授权对话框的情况下对我的凭据进行硬编码并获取访问令牌吗? 代码。它有效,但它正在使用授权对话框。
var @params = new NameValueCollection
{
{"response_type", "code"},
{"client_id", Properties.Settings.Default.ClientID},
{"resource", "https://analysis.windows.net/powerbi/api"},
{"redirect_uri", "http://localhost:13526/Redirect"}
};
var queryString = HttpUtility.ParseQueryString(string.Empty);
queryString.Add(@params);
string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
var authUri = String.Format("{0}?{1}", authorityUri, queryString);
Response.Redirect(authUri);
Redirect.aspx
string redirectUri = "http://localhost:13526/Redirect";
string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
string code = Request.Params.GetValues(0)[0];
TokenCache TC = new TokenCache();
AuthenticationContext AC = new AuthenticationContext(authorityUri, TC);
ClientCredential cc = new ClientCredential
(Properties.Settings.Default.ClientID,
Properties.Settings.Default.ClientSecret);
AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc);
Session[_Default.authResultString] = AR;
Response.Redirect("/Default.aspx");
Default.aspx
string responseContent = string.Empty;
System.Net.WebRequest request = System.Net.WebRequest.Create(String.Format("{0}dashboards", baseUri)) as System.Net.HttpWebRequest;
request.Method = "GET";
request.ContentLength = 0;
request.Headers.Add("Authorization", String.Format("Bearer {0}", authResult.AccessToken));
using (var response = request.GetResponse() as System.Net.HttpWebResponse)
{
using (var reader = new System.IO.StreamReader(response.GetResponseStream()))
{
responseContent = reader.ReadToEnd();
PBIDashboards PBIDashboards = JsonConvert.DeserializeObject<PBIDashboards>(responseContent);
}
}
我在没有使用 ADAL 的情况下做过一次。对于 Power BI 也是如此,因为它们不提供应用程序权限,所以只提供委托。
注意:如果用户启用了 MFA、密码已过期等,则此方法将无效。 通常,您会希望使用交互式流程。 您甚至可以有一个引导过程,用户以交互方式登录并存储收到的刷新令牌。 只要该刷新令牌有效,就可以在后台使用它。
您需要用 grant_type=password 调用 AAD 令牌端点。您将在表单参数中指定用户名和密码,以及客户端 ID、客户端密码和资源 URI。
这是我写的函数:
private async Task<string> GetAccessToken()
{
string tokenEndpointUri = Authority + "oauth2/token";
var content = new FormUrlEncodedContent(new []
{
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", Username),
new KeyValuePair<string, string>("password", Password),
new KeyValuePair<string, string>("client_id", ClientId),
new KeyValuePair<string, string>("client_secret", ClientSecret),
new KeyValuePair<string, string>("resource", PowerBiResourceUri)
}
);
using (var client = new HttpClient())
{
HttpResponseMessage res = await client.PostAsync(tokenEndpointUri, content);
string json = await res.Content.ReadAsStringAsync();
AzureAdTokenResponse tokenRes = JsonConvert.DeserializeObject<AzureAdTokenResponse>(json);
return tokenRes.AccessToken;
}
}
这里的权威是https://login.microsoftonline.com/tenant-id/。这是我正在使用的响应 class:
class AzureAdTokenResponse
{
[JsonProperty("access_token")]
public string AccessToken { get; set; }
}
我希望您使用 UserCreadential 提供了 azure 订阅的用户名和密码,您可以获得 AccessToken 并调用您的 api。我希望它能帮助你。
string ResourceUrl="https://analysis.windows.net/powerbi/api";
string ClientId=Properties.Settings.Default.ClientID;//as per your code
AuthenticationContext authenticationContext = new AuthenticationContext(Constants.AuthString, false);
UserCredential csr = new UserCredential("your-username", "password");
AuthenticationResult authenticationResult = authenticationContext.AcquireToken(ResourceUrl,ClientId, usr);
string token = authenticationResult.AccessToken;