'authority' 应为Uri格式 参数名称:authority
'authority' should be in Uri format Parameter name: authority
我基于这个例子开发了我的 mvc 应用程序:
https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
身份验证与 Azure AAD 完美配合,我可以看到用户已登录:
http://screencast.com/t/v7G6OgXC
但是在下面的controller中我想打印一些APP的属性,却出现了上面的错误
'authority' should be in Uri format Parameter name: authority
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details: System.ArgumentException: 'authority' should be in
Uri format Parameter name: authority
我在控制器中的代码是这样的:
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.IdentityModel.Protocols;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Globalization;
using System.Linq;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
namespace PruebasAD.Controllers
{
public class ActiveDirectoryController : Controller
{
private static string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
// GET: ActiveDirectory
public ActionResult GetAzureAadApp()
{
// Instantiate an instance of ActiveDirectoryClient.
Uri serviceRoot = new Uri(azureAdGraphApiEndPoint);
ActiveDirectoryClient adClient = new ActiveDirectoryClient(
serviceRoot,
async () => await GetAppTokenAsync());
// Create the extension property
string extPropertyName = "VehInfo";
ExtensionProperty extensionProperty = new ExtensionProperty()
{
Name = extPropertyName,
DataType = "String",
TargetObjects = { "User" }
};
Application app =(Application)adClient.Applications.Where(
a => a.AppId == clientId).ExecuteSingleAsync().Result;
if (app == null)
{
throw new ApplicationException("Unable to get a reference to application in Azure AD.");
}
return View(app);
}
private static async Task<string> GetAppTokenAsync()
{
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
// This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];
string Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
// Create a ClientCredential that will be used for authentication.
// This is where the Client ID and Key/Secret from the Azure Management Portal is used.
ClientCredential clientCred = new ClientCredential(clientId, appKey);
// Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
// using the Client ID and Key/Secret as credentials.
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(azureAdGraphApiEndPoint, clientCred);
// Return the access token.
return authenticationResult.AccessToken;
}
}
public class CompanyInfo
{
public int Nit;
public string Nombre;
}
}
和 web.config 为了安全起见更改了一些内容
<add key="ida:GraphResourceId" value="https://graph.windows.net" />
<add key="ida:GraphUserUrl" value="https://graph.windows.net/{0}/me?api-version=2013-11-08" />
<add key="ida:ClientId" value="xx-b1aa-42ab-9693-6c22d01ca338" />
<add key="ida:AppKey" value="xx/6Vsq0CuhQyYVcR5Vggw=" />
<add key="ida:Tenant" value="xx.onmicrosoft.com" />
<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44300/" />
<add key="ida:AzureAdGraphApiEndPoint" value="https://graph.windows.net/xx-d5f0-453b-8f60-2be9b41b2ea0" />
您需要将 Authority
传递给 AuthenticationContext()
而不是 aadInstance
:
// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
我基于这个例子开发了我的 mvc 应用程序: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
身份验证与 Azure AAD 完美配合,我可以看到用户已登录:
http://screencast.com/t/v7G6OgXC
但是在下面的controller中我想打印一些APP的属性,却出现了上面的错误
'authority' should be in Uri format Parameter name: authority Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ArgumentException: 'authority' should be in Uri format Parameter name: authority
我在控制器中的代码是这样的:
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.IdentityModel.Protocols;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Globalization;
using System.Linq;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
namespace PruebasAD.Controllers
{
public class ActiveDirectoryController : Controller
{
private static string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
// GET: ActiveDirectory
public ActionResult GetAzureAadApp()
{
// Instantiate an instance of ActiveDirectoryClient.
Uri serviceRoot = new Uri(azureAdGraphApiEndPoint);
ActiveDirectoryClient adClient = new ActiveDirectoryClient(
serviceRoot,
async () => await GetAppTokenAsync());
// Create the extension property
string extPropertyName = "VehInfo";
ExtensionProperty extensionProperty = new ExtensionProperty()
{
Name = extPropertyName,
DataType = "String",
TargetObjects = { "User" }
};
Application app =(Application)adClient.Applications.Where(
a => a.AppId == clientId).ExecuteSingleAsync().Result;
if (app == null)
{
throw new ApplicationException("Unable to get a reference to application in Azure AD.");
}
return View(app);
}
private static async Task<string> GetAppTokenAsync()
{
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
// This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API.
string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];
string Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
// Create a ClientCredential that will be used for authentication.
// This is where the Client ID and Key/Secret from the Azure Management Portal is used.
ClientCredential clientCred = new ClientCredential(clientId, appKey);
// Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
// using the Client ID and Key/Secret as credentials.
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(azureAdGraphApiEndPoint, clientCred);
// Return the access token.
return authenticationResult.AccessToken;
}
}
public class CompanyInfo
{
public int Nit;
public string Nombre;
}
}
和 web.config 为了安全起见更改了一些内容
<add key="ida:GraphResourceId" value="https://graph.windows.net" />
<add key="ida:GraphUserUrl" value="https://graph.windows.net/{0}/me?api-version=2013-11-08" />
<add key="ida:ClientId" value="xx-b1aa-42ab-9693-6c22d01ca338" />
<add key="ida:AppKey" value="xx/6Vsq0CuhQyYVcR5Vggw=" />
<add key="ida:Tenant" value="xx.onmicrosoft.com" />
<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
<add key="ida:PostLogoutRedirectUri" value="https://localhost:44300/" />
<add key="ida:AzureAdGraphApiEndPoint" value="https://graph.windows.net/xx-d5f0-453b-8f60-2be9b41b2ea0" />
您需要将 Authority
传递给 AuthenticationContext()
而不是 aadInstance
:
// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);