如何从我的 MVC 应用程序访问 OneDrive for business

Question

I have a problem with the authorization service SharePoint Search REST API ( https://msdn.microsoft.com/en-us/library/office/jj163876.aspx?f=255&MSPPError=-2147217396 ).

We have an ASP.NET MVC application that uses AZURE AD for authentication (configured to work with our app). I also have an office 365 subscription, in particular, I use OneDrive for business to store documents there. My application in AZURE AD is configured to work with Office 365 SharePoint Online and Windows Azure Active Directory.

During authorization, the user enters their details on the entry page login.microsoftonline.com. If authentication is successful, AZURE AD returns the page to the user and returns access tokens. Next, we want to use SharePoint Search REST API for text search in documents stored on oneDrive. Using a GET request type https://<my_domain>.sharepoint.com/sites/test/_api/search/query?querytext='doc' returns an error “401 Unauthorized”. When you add in the request body access tokens received from AZURE AD it doesn't solve the problem, the server returns an error "403 Forbidden".

Sample request

    stringtenantId = ClaimsPrincipal.Current.FindFirst(AppConfiguration.TenantIdClaimType).Value;
    AuthenticationContextauthContext = newAuthenticationContext(string.Format(CultureInfo.InvariantCulture, AppConfiguration.LoginUrl, tenantId));
    ClientCredentialcredential = newClientCredential(AppConfiguration.AppPrincipalId, AppConfiguration.AppKey);
    AuthenticationResultassertionCredential = authContext.AcquireToken(AppConfiguration.GraphUrl, credential);
    stringauthHeader = assertionCredential.CreateAuthorizationHeader();

    HttpClientclient = newHttpClient();
    HttpRequestMessagerequest = newHttpRequestMessage(HttpMethod.Get, "https://<my_domain>.sharepoint.com/sites/test/_api/search/query?querytext='doc'");
    request.Headers.TryAddWithoutValidation("Authorization", authHeader);
    request.Headers.TryAddWithoutValidation("Accept", "application/json;odata=minimalmetadata");
    HttpResponseMessageresponse = awaitclient.SendAsync(request);

Also

public static class AppConfiguration
{
    public static string TenantIdClaimType
    {
        get
        {
            return "http://schemas.microsoft.com/identity/claims/tenantid";
        }
    }

    public static string LoginUrl
    {
        get
        {
            return "https://login.windows.net/{0}";
        }
    }

    public static string GraphUrl
    {
        get
        {
            return "https://graph.windows.net";
        }
    }

    public static string GraphUserUrl
    {
        get
        {
            return "https://graph.windows.net/{0}/users/{1}?api-version=2013-04-05";
        }
    }

    public static string AppPrincipalId
    {
        get
        {
            return ConfigurationManager.AppSettings["ida:ClientID"];
        }
    }

    public static string AppKey
    {
        get
        {
            return ConfigurationManager.AppSettings["ida:Password"];
        }
    }
}

As I understand, the problem is in the access token. But I didn't find any information on how to properly configure this token. JavaScript requests are not appropriate for my, the request should be processed from the server.

Answer 1

I think of two things you could check.

You need "Application Permissions" in Azure AD instead of "Delegated Permissions". Is it the way your application is configured?

By experience if you have difficulty accessing a feature in office 365 with a AccessToken it's sometimes because you need a more secure token. Look at the overload of AcquireToken that needs a "ClientAssertionCertificate" class. You will have to configure it in your Azure AD Manifest manually. Looks at this reference (the part about "Configuring a X.509 public cert for your application") : https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365

Was this helpful?