[英]How to access OneDrive for business from my MVC app
I have a problem with the authorization service SharePoint Search REST API ( https://msdn.microsoft.com/en-us/library/office/jj163876.aspx?f=255&MSPPError=-2147217396 ).我对授权服务 SharePoint Search REST API ( https://msdn.microsoft.com/en-us/library/office/jj163876.aspx?f=255&MSPPError=-2147217396 ) 有疑问。
We have an ASP.NET MVC application that uses AZURE AD for authentication (configured to work with our app).我们有一个 ASP.NET MVC 应用程序,它使用 AZURE AD 进行身份验证(配置为与我们的应用程序一起使用)。 I also have an office 365 subscription, in particular, I use OneDrive for business to store documents there.我还有一个 Office 365 订阅,特别是,我使用 OneDrive for business 在那里存储文档。 My application in AZURE AD is configured to work with Office 365 SharePoint Online and Windows Azure Active Directory.我在 AZURE AD 中的应用程序配置为使用 Office 365 SharePoint Online 和 Windows Azure Active Directory。
During authorization, the user enters their details on the entry page login.microsoftonline.com.在授权期间,用户在入口页面 login.microsoftonline.com 上输入他们的详细信息。 If authentication is successful, AZURE AD returns the page to the user and returns access tokens.如果身份验证成功,则 AZURE AD 将页面返回给用户并返回访问令牌。 Next, we want to use SharePoint Search REST API for text search in documents stored on oneDrive.接下来,我们要使用 SharePoint Search REST API 在存储在 oneDrive 上的文档中进行文本搜索。 Using a GET request type https://<my_domain>.sharepoint.com/sites/test/_api/search/query?querytext='doc'
returns an error “401 Unauthorized”.使用 GET 请求类型https://<my_domain>.sharepoint.com/sites/test/_api/search/query?querytext='doc'
返回错误“401 Unauthorized”。 When you add in the request body access tokens received from AZURE AD it doesn't solve the problem, the server returns an error "403 Forbidden".当您添加从 AZURE AD 收到的请求正文访问令牌时,它不能解决问题,服务器返回错误“403 Forbidden”。
Sample request样品请求
stringtenantId = ClaimsPrincipal.Current.FindFirst(AppConfiguration.TenantIdClaimType).Value;
AuthenticationContextauthContext = newAuthenticationContext(string.Format(CultureInfo.InvariantCulture, AppConfiguration.LoginUrl, tenantId));
ClientCredentialcredential = newClientCredential(AppConfiguration.AppPrincipalId, AppConfiguration.AppKey);
AuthenticationResultassertionCredential = authContext.AcquireToken(AppConfiguration.GraphUrl, credential);
stringauthHeader = assertionCredential.CreateAuthorizationHeader();
HttpClientclient = newHttpClient();
HttpRequestMessagerequest = newHttpRequestMessage(HttpMethod.Get, "https://<my_domain>.sharepoint.com/sites/test/_api/search/query?querytext='doc'");
request.Headers.TryAddWithoutValidation("Authorization", authHeader);
request.Headers.TryAddWithoutValidation("Accept", "application/json;odata=minimalmetadata");
HttpResponseMessageresponse = awaitclient.SendAsync(request);
Also还
public static class AppConfiguration
{
public static string TenantIdClaimType
{
get
{
return "http://schemas.microsoft.com/identity/claims/tenantid";
}
}
public static string LoginUrl
{
get
{
return "https://login.windows.net/{0}";
}
}
public static string GraphUrl
{
get
{
return "https://graph.windows.net";
}
}
public static string GraphUserUrl
{
get
{
return "https://graph.windows.net/{0}/users/{1}?api-version=2013-04-05";
}
}
public static string AppPrincipalId
{
get
{
return ConfigurationManager.AppSettings["ida:ClientID"];
}
}
public static string AppKey
{
get
{
return ConfigurationManager.AppSettings["ida:Password"];
}
}
}
As I understand, the problem is in the access token.据我了解,问题出在访问令牌中。 But I didn't find any information on how to properly configure this token.但是我没有找到有关如何正确配置此令牌的任何信息。 JavaScript requests are not appropriate for my, the request should be processed from the server. JavaScript 请求不适合我,请求应该从服务器处理。
I think of two things you could check.我想到了两件事你可以检查一下。
You need "Application Permissions" in Azure AD instead of "Delegated Permissions".您需要 Azure AD 中的“应用程序权限”而不是“委派权限”。 Is it the way your application is configured?这是您的应用程序的配置方式吗?
By experience if you have difficulty accessing a feature in office 365 with a AccessToken it's sometimes because you need a more secure token.根据经验,如果您在使用 AccessToken 访问 Office 365 中的功能时遇到困难,有时是因为您需要更安全的令牌。 Look at the overload of AcquireToken that needs a "ClientAssertionCertificate" class.查看需要“ClientAssertionCertificate”类的 AcquireToken 重载。 You will have to configure it in your Azure AD Manifest manually.您必须在 Azure AD 清单中手动配置它。 Looks at this reference (the part about "Configuring a X.509 public cert for your application") : https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365查看此参考资料(关于“为您的应用程序配置 X.509 公共证书”的部分): https ://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in- 办公室-365
Was this helpful?这个有帮助吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.