如何将代表用户的 Azure 广告与 appid 连接?
How to connect Azure ad on behalf of user with appid?
我需要创建架构扩展。
以下:
Create schemaExtension - Microsoft Graph v1.0 | Microsoft Docs
代码是:
var authenticationContext = new AuthenticationContext(authString, false);
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resourceId, clientCred);
string token = authenticationResult.AccessToken;
var responseString = String.Empty;
using (var client = new HttpClient())
{
string requestUrl = "https://graph.microsoft.com/beta/schemaExtensions";
string postJson = "{\"id\":\"graphlearn_courses\",\"description\": \"Graph Learn training courses extensions\", \"targetTypes\":[\"Group\"], \"properties\": [{ \"name\": \"courseId\",\"type\": \"Integer\"}, {\"name\": \"courseName\",\"type\": \"String\"}, {\"name\": \"courseType\", \"type\": \"String\"}]}";
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
request.Content = new StringContent(postJson, Encoding.UTF8, "application/json");
Debug.WriteLine(request.ToString());
HttpResponseMessage response = client.SendAsync(request).Result;
responseString = response.Content.ReadAsStringAsync().Result;
}
令牌:
"roles": [
"User.ReadWrite.All",
"Group.Read.All",
"Directory.ReadWrite.All",
"User.Read.All"
],
没有得到:Directory.AccessAsUser.All
用户凭据:
UserPasswordCredential userCred = new UserPasswordCredential(userId, userPassword);
var authenticationContext = new AuthenticationContext(authString, false);
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resourceId, clientId, userCred);
string token = authenticationResult.AccessToken;
错误:
AADSTS70002:
The request body must contain the following parameter:
'client_secret or client_assertion'
关于如何代表用户将 Azure 广告与 appid 连接有什么想法吗?
您没有获得委派权限,因为您正在使用客户端凭据授权进行身份验证。您本质上是作为应用程序进行身份验证,因此不涉及任何用户。
您将需要使用不同的方式进行身份验证。在 GitHub 上查看 this sample。
尤其是 AuthenticationHelper class,它使用以下方式进行身份验证:
AuthenticationContext authenticationContext = new AuthenticationContext(UserModeConstants.AuthString, false);
AuthenticationResult userAuthnResult = await authenticationContext.AcquireTokenAsync(GlobalConstants.ResourceUrl,
UserModeConstants.ClientId, redirectUri, new PlatformParameters(PromptBehavior.RefreshSession));
TokenForUser = userAuthnResult.AccessToken;
Console.WriteLine("\n Welcome " + userAuthnResult.UserInfo.GivenName + " " +
userAuthnResult.UserInfo.FamilyName);
找到解决方案 。
在 Azure 门户中创建应用程序时,您应该将 "Application Type" 更改为“NATIVE CLIENT APPLICATION”
我需要创建架构扩展。
以下: Create schemaExtension - Microsoft Graph v1.0 | Microsoft Docs
代码是:
var authenticationContext = new AuthenticationContext(authString, false);
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resourceId, clientCred);
string token = authenticationResult.AccessToken;
var responseString = String.Empty;
using (var client = new HttpClient())
{
string requestUrl = "https://graph.microsoft.com/beta/schemaExtensions";
string postJson = "{\"id\":\"graphlearn_courses\",\"description\": \"Graph Learn training courses extensions\", \"targetTypes\":[\"Group\"], \"properties\": [{ \"name\": \"courseId\",\"type\": \"Integer\"}, {\"name\": \"courseName\",\"type\": \"String\"}, {\"name\": \"courseType\", \"type\": \"String\"}]}";
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
request.Content = new StringContent(postJson, Encoding.UTF8, "application/json");
Debug.WriteLine(request.ToString());
HttpResponseMessage response = client.SendAsync(request).Result;
responseString = response.Content.ReadAsStringAsync().Result;
}
令牌:
"roles": [
"User.ReadWrite.All",
"Group.Read.All",
"Directory.ReadWrite.All",
"User.Read.All"
],
没有得到:Directory.AccessAsUser.All
用户凭据:
UserPasswordCredential userCred = new UserPasswordCredential(userId, userPassword);
var authenticationContext = new AuthenticationContext(authString, false);
ClientCredential clientCred = new ClientCredential(clientId, clientSecret);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(resourceId, clientId, userCred);
string token = authenticationResult.AccessToken;
错误:
AADSTS70002: The request body must contain the following parameter: 'client_secret or client_assertion'
关于如何代表用户将 Azure 广告与 appid 连接有什么想法吗?
您没有获得委派权限,因为您正在使用客户端凭据授权进行身份验证。您本质上是作为应用程序进行身份验证,因此不涉及任何用户。
您将需要使用不同的方式进行身份验证。在 GitHub 上查看 this sample。
尤其是 AuthenticationHelper class,它使用以下方式进行身份验证:
AuthenticationContext authenticationContext = new AuthenticationContext(UserModeConstants.AuthString, false);
AuthenticationResult userAuthnResult = await authenticationContext.AcquireTokenAsync(GlobalConstants.ResourceUrl,
UserModeConstants.ClientId, redirectUri, new PlatformParameters(PromptBehavior.RefreshSession));
TokenForUser = userAuthnResult.AccessToken;
Console.WriteLine("\n Welcome " + userAuthnResult.UserInfo.GivenName + " " +
userAuthnResult.UserInfo.FamilyName);
找到解决方案
在 Azure 门户中创建应用程序时,您应该将 "Application Type" 更改为“NATIVE CLIENT APPLICATION”