No cache tokens were found during token acquisition

I want to send a request from the controller of an ASP.NET MVC application on Microsoft Azure Cloud Active Directory and receive a response from a service that is also deployed on Microsoft Azure Cloud Active Directory.

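To do this, I downloaded a sample that you can see from here and customized it for myself. Detailed documentation of what I did is included in the same link.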

When I test the service and the web application on my Azure portal, I get the error message in the header:

Failed to acquire token silently as no token was found in the cache. Call method AcquireToken

The error occurs in the following part of my controller:

            ClientCredential credential = new ClientCredential( clientId, appKey );
            result = await authContext.AcquireTokenSilentAsync( todoListResourceId, credential, new UserIdentifier( userObjectID, UserIdentifierType.UniqueId ) );

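clientId: The identifier of the web application I installed on Azure AD (for example: c95d45dd-ba7f-41be-a995-1db604afff32)

appKey: The hidden key value of my web application in the portal

todoListResourceId: The identifier of the API application I installed on Azure AD (for example: 4cfebcb4-6f2e-4eeb-84f2-4220f65774ed)

userObjectID: The value returned from the following code snippet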

            string userObjectID = ClaimsPrincipal.Current.FindFirst( "http://schemas.microsoft.com/identity/claims/objectidentifier" ).Value;

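That is, the value of the user who is online in the browser. As stated in the documentation on my GitHub link, this value is not the Microsoft account I use to log in to the Azure portal, but the value of the user I registered in Azure Active Directory.

A similar topic has been discussed and answered before, but that answer did not solve my problem.

I have been working on this for days, but I have not yet received a response from the GET, POST, PUT, DELETE methods in the service. I keep running into the error in the title. I am waiting for your help.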

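The reason you are receiving this error is that a call to acquiretokensilentasync is expected to throw that error when the cache is empty. This call is meant to be wrapped in a try/catch. If it does throw this error, you should then call acquiretokenasync.

Beyond that, it looks like you are trying to use the client credentials flow with the acquiretokensilentasync call, which is not the correct way to use it according to the ADAL wiki documentation.

See here for how to do this correctly: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Client-credential-flows

It looks like you are using an application ID and secret; per the documentation linked above, the specific way to do this is: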

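            // clientId and appKey are the web application's ID and secret, as in the question
            ClientCredential clientCredential = new ClientCredential(clientId, appKey);
            AuthenticationContext authenticationContext = new AuthenticationContext("https://login.microsoftonline.com/<tenantId>");
            AuthenticationResult result = await authenticationContext.AcquireTokenAsync("https://resourceUrl", clientCredential);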

More documentation specifically on the acquiretokensilentasync call can be found here: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/AcquireTokenSilentAsync-using-a-cached-token

From the documentation above:

Recommended pattern to acquire a token

Now that you have seen both AcquireTokenAsync, AcquireTokenSilentAsync, it's the right moment to present the recommended usage pattern for calling these methods. The idea is that you want to minimize the number of signings for the user, and therefore you'd want to:

first try to acquire a token silently, and if this call fails you try to get one interactively. Note that, AcquireTokenSilent does not need to be called in the Client credentials flow (when the application acquires token without a user, but in its own name)

Note that AcquireTokenSilent can fail for several reasons, such as the cache does not contain a token for the user, or the token has expired and cannot be refreshed. For these reasons, a call to AcquireTokenAsync will usually get a token. But there are also issues such as network problems, STS unavailability, etc., which won't be directly solvable. You will see them in more details in the article about best practices for Handling errors.

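Beyond that, it looks like you are using the ADAL library. I would recommend moving to the MSAL library, as Microsoft is slowly moving toward using MSAL and, at some point in the future (perhaps the distant future), away from the ADAL/V1.0 endpoint. However, there is currently no definite date. Documentation on moving from ADAL to MSAL can be found here: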

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Adal-to-Msal
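
The try/catch pattern described in the answer, written against ADAL.NET as an added example (not code from the original post, the sample, or the ADAL wiki). The class name TodoListTokenHelper, its method names and the apiUrl parameter are hypothetical; the other parameter names follow the question's code.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL.NET

// Hypothetical helper, not part of the sample or of ADAL.
public static class TodoListTokenHelper
{
    // Tries the token cache first; on a cache miss falls back to the
    // client credentials flow shown in the answer.
    public static async Task<AuthenticationResult> GetTokenAsync(
        AuthenticationContext authContext, ClientCredential credential,
        string todoListResourceId, string userObjectID)
    {
        try
        {
            return await authContext.AcquireTokenSilentAsync(
                todoListResourceId, credential,
                new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
        }
        catch (AdalException ex)
            when (ex.ErrorCode == AdalError.FailedToAcquireTokenSilently)
        {
            // Expected when the cache holds no token for this user.
            // The token returned here is issued to the application itself,
            // so the API sees the app's identity and not the signed-in user.
            return await authContext.AcquireTokenAsync(todoListResourceId, credential);
        }
    }

    // Sends a GET to the API with the token as a bearer credential.
    // apiUrl is an assumed placeholder for the service endpoint.
    public static async Task<string> GetTodoListAsync(
        HttpClient client, string apiUrl, AuthenticationResult result)
    {
        var request = new HttpRequestMessage(HttpMethod.Get, apiUrl);
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", result.AccessToken);
        HttpResponseMessage response = await client.SendAsync(request);
        response.EnsureSuccessStatusCode(); // surfaces 401/403 from the API
        return await response.Content.ReadAsStringAsync();
    }
}
```

Because the fallback token carries the application's identity, the API has to authorize it on application permissions rather than on the signed-in user's claims.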