EWS:“远程服务器返回错误(401)未经授权”
[英]EWS: “The remote server returned error (401) Unauthorized”
问题描述
I'm trying to find a single item fronm all items in the current context, but I seem to constantly get this error message: 
我正在尝试从当前上下文中的所有项目中查找单个项目,但是我似乎不断收到以下错误消息:
The request failed.
First, I set everything up to access the exchange service: 首先,我设置了一切以访问交换服务:
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationResult authenticationResult = null;
AuthenticationContext authenticationContext = new AuthenticationContext(
SettingsHelper.Authority, new model.ADALTokenCache(signInUserId));
authenticationResult = authenticationContext.AcquireToken(
SettingsHelper.ServerName,
new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret));
ExchangeService exchange = new ExchangeService(ExchangeVersion.Exchange2013);
exchange.Url = new Uri(SettingsHelper.ServerName + "ews/exchange.asmx");
exchange.TraceEnabled = true;
exchange.TraceFlags = TraceFlags.All;
exchange.Credentials = new OAuthCredentials(authenticationResult.AccessToken);
And then I define what Item I want to receive (by ID): 然后,我定义要接收的商品(按ID):
ItemView view = new ItemView(5);
view.PropertySet = new PropertySet(BasePropertySet.IdOnly);
var tempId = id.Replace('-', '/').Replace('_', '+');
SearchFilter.IsEqualTo searchid = new SearchFilter.IsEqualTo(ItemSchema.Id, tempId);
And last but not least, I try to search for this item, within my items: 最后但并非最不重要的一点是,我尝试在我的物品中搜索该物品:
FindItemsResults<Microsoft.Exchange.WebServices.Data.Item> results = exchange.FindItems(WellKnownFolderName.Inbox, searchid, view);
And this is where my error happens. 这就是我的错误发生的地方。 I've tried various other ways of doing this, but no matter what I do, I get unauthorized. 我尝试了其他各种方法来执行此操作,但是无论我做什么,都会遭到未经授权的操作。
Could someone maybe guide me in the correct way, in order to solve this issue? 为了解决这个问题,有人可以以正确的方式指导我吗?
EDIT 编辑
I do receive the access token from the: 我确实从收到了访问令牌:
authenticationResult = authenticationContext.AcquireToken(
SettingsHelper.ServerName,
new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret));
as I can see by debugging the code. 正如我通过调试代码所看到的。
No refresh token is present though, and I don't know if this has something to say? 虽然没有刷新令牌,但我不知道这是否有话要说?
EDIT 编辑
I just managed to debug all my way into the exchange.ResponseHeaders in where I saw this: 我只是设法调试了所有进入exchange.ResponseHeaders的地方:
The access token is acquired using an authentication method that is too weak to allow access for this application.
I decoded the JWT , as this is my result: 我解码了JWT ,因为这是我的结果:
{
typ: "JWT",
alg: "RS256",
x5t: "MnC_VZcATfM5pOYiJHMba9goEKY",
kid: "MnC_VZcATfM5pOYiJHMba9goEKY"
}.
{
aud: "https://outlook.office365.com/",
iss: "https://sts.windows.net/d35f5b06-f051-458d-92cc-2b8096b4b78b/",
iat: 1445416753,
nbf: 1445416753,
exp: 1445420653,
ver: "1.0",
tid: "d35f5b06-f051-458d-92cc-2b8096b4b78b",
oid: "c5da9088-987d-463f-a730-2706f23f3cc6",
sub: "c5da9088-987d-463f-a730-2706f23f3cc6",
idp: "https://sts.windows.net/d35f5b06-f051-458d-92cc-2b8096b4b78b/",
appid: "70af108f-5c8c-4ee4-a40f-ab0b6f5922e0",
appidacr: "1"
}.
[signature]
Where to go from here? 然后去哪儿?
1 个解决方案
解决方案1
5 已采纳 2015-10-21 15:26:26
I already got this error while using EWS in the past "The access token is acquired using an authentication method that is too weak to allow access for this application. Presented auth strength was 1, required is 2" 我过去在使用EWS时已经遇到了此错误“访问令牌是使用认证方法获取的,该方法太弱而无法允许对此应用程序进行访问。目前的身份验证强度为1,要求为2”
What you need to do is to enforce your authentication with a certificate. 您需要做的是使用证书强制执行身份验证。
AuthenticationContext authContext = new AuthenticationContext(authority);
exchangeService.Credentials = new OAuthCredentials(authContext.AcquireToken("https://outlook.office365.com", new ClientAssertionCertificate(ConfigurationManager.AppSettings["ida:ClientId"], certificate)).AccessToken);
The key part is to define a new ClientAssertionCertificate as you ClientAssertion. 关键部分是在定义ClientAssertion时定义一个新的ClientAssertionCertificate。
You will also have to modify the manifest of your Azure Active Directory Application. 您还必须修改Azure Active Directory应用程序的清单。
Looks at this reference (the part about "Configuring a X.509 public cert for your application") : https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365 查看此参考资料(有关“为您的应用程序配置X.509公共证书”的部分): https : //msdn.microsoft.com/zh-cn/office/office365/howto/building-service-apps-in- office-365
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.