C# .net-core azure-active-directory microsoft-graph-sdks

使用委托身份验证获取不记名令牌

发布于 01-17 08:37 字数 718 浏览 3 评论 0原文

参考本文授权请求。如果我的应用程序用户已经登录，我该如何请求使用SDK或此API参考来获取我的配置文件：https://graph.microsoft.com/v1.0/me/

sdk code i写道：

public async Task<string> GetFullNameAsync()
    {
        try
        {
            var user = await _client.Me
                .Request()
                .Select(data => data.DisplayName)
                .GetAsync();
            return user.DisplayName;
        }
        catch (Exception ex)
        {
            return "404 Not Found";
        }
    }

为此，如何使用上述文章中提到的Web应用程序和.NET Core中的单个租户获得携带者令牌字符串？

原文

With reference to this article Authorization Request.
If my application user is already logged in, how can I request to get my profile using SDK or this API reference: https://graph.microsoft.com/v1.0/me/

SDK code I wrote:

public async Task<string> GetFullNameAsync()
    {
        try
        {
            var user = await _client.Me
                .Request()
                .Select(data => data.DisplayName)
                .GetAsync();
            return user.DisplayName;
        }
        catch (Exception ex)
        {
            return "404 Not Found";
        }
    }

For that, how can I get a bearer token string using delegated authentication for Web Application and single tenant in .NET Core as mentioned in the above article?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

演多会厌 2025-01-24 08:37:47

要使用授权身份验证获得携带者令牌，请检查下面是否有用：

使用 microsoft.Identity.web.microsoftgraph nuget软件包来实现来自ASP的图形API。 NET CORE WEB应用程序。
应用程序身份验证和授权是在启动类中设置的。
对于委派用户访问令牌使用 addmicrosoftitywebapiauthentication 方法如下示例代码：

public void ConfigureServices(IServiceCollection services)  
{  
services.AddHttpClient();  
services.AddScoped<GraphApiClientDirect>();  
services.AddMicrosoftIdentityWebApiAuthentication(Configuration)  
.EnableTokenAcquisitionToCallDownstreamApi()  
.AddInMemoryTokenCaches();  
services.AddControllers(options =>  
{  
var policy = new AuthorizationPolicyBuilder()  
.RequireAuthenticatedUser()  
.Build();  
options.Filters.Add(new AuthorizeFilter(policy));  
});  
}

使用 getAccestokesTokenForuserAsync 方法，以获取新的授权访问权限为所需范围的新委托访问令牌。
然后，可以在使用 Microsoft.Identity .web 软件包保护的API中使用 图形API客户端服务 。

[Authorize]  
[ApiController]  
[Route("[controller]")]  
public class GraphCallsController : ControllerBase  
{  
private readonly GraphApiClientDirect _graphApiClientDirect;  
  
public GraphCallsController(GraphApiClientDirect graphApiClientDirect)  
{  
_graphApiClientDirect = graphApiClientDirect;  
}  
[HttpGet]  
public async Task<string> Get()  
{  
var user = await _graphApiClientDirect.GetGraphApiUser()  
.ConfigureAwait(false);  
return user.DisplayName;  
}  
}

在ASP.NET核心应用程序中使用Graph API客户端时，必须使用正确的初始化。
使用 ihttpclientFactory 创建HTTPCLIENT实例以创建实例。
使用 itokenacquisition 和ihttpclientFactory接口来创建不同范围的grapenapiclient请求。

请在下面找到参考以详细了解：

使用asp.net core中的Microsoft Graph API |软件工程（damienbod.com）

.NET CORE API使用载体身份验证-Dotnet Playbook

To get bearer token using delegated authentication, please check the below if helpful:

Make use of Microsoft.Identity.Web.MicrosoftGraph nuget package to implement Graph API from an ASP. NET Core web application.
The application authentication and the authorization are setup in the Startup class.
For delegated user access token make use of AddMicrosoftIdentityWebApiAuthentication method as below sample code:

public void ConfigureServices(IServiceCollection services)  
{  
services.AddHttpClient();  
services.AddScoped<GraphApiClientDirect>();  
services.AddMicrosoftIdentityWebApiAuthentication(Configuration)  
.EnableTokenAcquisitionToCallDownstreamApi()  
.AddInMemoryTokenCaches();  
services.AddControllers(options =>  
{  
var policy = new AuthorizationPolicyBuilder()  
.RequireAuthenticatedUser()  
.Build();  
options.Filters.Add(new AuthorizeFilter(policy));  
});  
}

Use GetAccessTokenForUserAsync method, to get new delegated access token for required scopes.
The Graph API client service can then be used in the API which is protected using the Microsoft.Identity .Web packages.

[Authorize]  
[ApiController]  
[Route("[controller]")]  
public class GraphCallsController : ControllerBase  
{  
private readonly GraphApiClientDirect _graphApiClientDirect;  
  
public GraphCallsController(GraphApiClientDirect graphApiClientDirect)  
{  
_graphApiClientDirect = graphApiClientDirect;  
}  
[HttpGet]  
public async Task<string> Get()  
{  
var user = await _graphApiClientDirect.GetGraphApiUser()  
.ConfigureAwait(false);  
return user.DisplayName;  
}  
}

The correct initialization must be used while using Graph API client in ASP.NET Core applications for delegated access user access tokens.
Use the IHttpClientFactory to create the HttpClient instance to create instance.
Use ITokenAcquisition and the IHttpClientFactory interfaces to create the GraphApiClient requests for different scopes.

Please find below references to know more in detail:

Using Microsoft Graph API in ASP.NET Core | Software Engineering (damienbod.com)

Secure a .NET Core API using Bearer Authentication - Dotnet Playbook

回复收藏 0 原文

~没有更多了~