EWS: "The remote server returned error (401) Unauthorized"

I am trying to find a single item among all the items in the current context, but I constantly seem to get this error message:

The request failed. The remote server returned an error: (401) Unauthorized.

First, I set everything up to access the Exchange service:

var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

AuthenticationResult authenticationResult = null;
AuthenticationContext authenticationContext = new AuthenticationContext(
            SettingsHelper.Authority, new model.ADALTokenCache(signInUserId));

authenticationResult = authenticationContext.AcquireToken(
            SettingsHelper.ServerName, 
            new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret));

ExchangeService exchange = new ExchangeService(ExchangeVersion.Exchange2013);
exchange.Url = new Uri(SettingsHelper.ServerName + "ews/exchange.asmx");
exchange.TraceEnabled = true;
exchange.TraceFlags = TraceFlags.All;
exchange.Credentials = new OAuthCredentials(authenticationResult.AccessToken);

Then I define the item I want to receive (by ID):

ItemView view = new ItemView(5);
view.PropertySet = new PropertySet(BasePropertySet.IdOnly);

var tempId = id.Replace('-', '/').Replace('_', '+');
SearchFilter.IsEqualTo searchid = new SearchFilter.IsEqualTo(ItemSchema.Id, tempId);

Last but not least, I try to search for this item among my items:

FindItemsResults<Microsoft.Exchange.WebServices.Data.Item> results = exchange.FindItems(WellKnownFolderName.Inbox, searchid, view);

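This is where my error happens. I have tried various other ways of doing this, but no matter what I do, I am not authorized.

Could someone guide me in the right direction to solve this?

Edit

I do receive the access token from: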

authenticationResult = authenticationContext.AcquireToken(
            SettingsHelper.ServerName, 
            new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret));

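As I can see by debugging the code.

There is no refresh token, though, and I don't know whether that has any significance?

Edit

I just managed to debug into exchange.ResponseHeaders, where I saw this: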

The access token is acquired using an authentication method that is too weak to allow access for this application. Presented auth strength was 1, required is 2

I decoded the JWT, and this is my result:

{
  typ: "JWT",
  alg: "RS256",
  x5t: "MnC_VZcATfM5pOYiJHMba9goEKY",
  kid: "MnC_VZcATfM5pOYiJHMba9goEKY"
}.
{
  aud: "https://outlook.office365.com/",
  iss: "https://sts.windows.net/d35f5b06-f051-458d-92cc-2b8096b4b78b/",
  iat: 1445416753,
  nbf: 1445416753,
  exp: 1445420653,
  ver: "1.0",
  tid: "d35f5b06-f051-458d-92cc-2b8096b4b78b",
  oid: "c5da9088-987d-463f-a730-2706f23f3cc6",
  sub: "c5da9088-987d-463f-a730-2706f23f3cc6",
  idp: "https://sts.windows.net/d35f5b06-f051-458d-92cc-2b8096b4b78b/",
  appid: "70af108f-5c8c-4ee4-a40f-ab0b6f5922e0",
  appidacr: "1"
}.
[signature]

Where do I go from here?

I have run into this error before when using EWS: "The access token is acquired using an authentication method that is too weak to allow access for this application. Presented auth strength was 1, required is 2"

What you need to do is enforce authentication with a certificate.

AuthenticationContext authContext = new AuthenticationContext(authority);

exchangeService.Credentials = new OAuthCredentials(authContext.AcquireToken("https://outlook.office365.com", new ClientAssertionCertificate(ConfigurationManager.AppSettings["ida:ClientId"], certificate)).AccessToken);

The key part is defining a new ClientAssertionCertificate as your ClientAssertion.

You also have to modify the manifest of your Azure Active Directory application.

See this reference (the section on "Configuring a X.509 public cert for your application"): https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365
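
An added example, not part of the answer above and not code from Microsoft: a diagnostic that reads the appidacr claim from an access token before it is handed to EWS. In Azure AD v1.0 tokens appidacr is "0" for a public client, "1" for client ID plus secret and "2" for a client certificate, which lines up with the "Presented auth strength was 1, required is 2" message in the question. The class name, helper names and sample tokens are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class AppTokenCheck
{
    // Decode the payload segment of a JWT. The signature is NOT verified here:
    // this is a local diagnostic, not token validation.
    static JsonDocument DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        // base64url -> base64, then restore the stripped '=' padding
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // appidacr: "0" = public client, "1" = client ID + secret, "2" = client certificate.
    public static int ClientAuthStrength(string jwt)
    {
        using JsonDocument doc = DecodePayload(jwt);
        if (!doc.RootElement.TryGetProperty("appidacr", out JsonElement acr))
            throw new InvalidOperationException("Token has no appidacr claim");
        return int.Parse(acr.GetString());
    }

    // Helper used only to build the constructed sample tokens below.
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed tokens with a placeholder signature, shaped like the payload in the question.
        string header = B64Url("{\"typ\":\"JWT\",\"alg\":\"RS256\"}");
        foreach (string acr in new[] { "1", "2" })
        {
            string payload = B64Url(
                "{\"aud\":\"https://outlook.office365.com/\",\"appidacr\":\"" + acr + "\"}");
            int strength = ClientAuthStrength(header + "." + payload + ".sig");
            Console.WriteLine(strength >= 2
                ? $"appidacr={strength}: certificate-based token, meets the required strength of 2"
                : $"appidacr={strength}: secret-based token, below the required strength of 2");
        }
    }
}
```

Calling ClientAuthStrength on authenticationResult.AccessToken right after AcquireToken shows whether the ClientAssertionCertificate path actually took effect, without waiting for the 401 from EWS.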