Can't authenticate user silently with ADAL for Office 365 REST API on ASP.NET MVC

So I'm trying to implement persistent tokens for our Office authentication so that the user does not have to sign into Office each time they are in a new session. The code I currently have for authenticating the user is below.

string authority = "https://login.microsoftonline.com/common";
var tokenCache = new ADALTokenCache(User.Identity.GetUserId());
AuthenticationContext authContext = new AuthenticationContext(authority, tokenCache );
var token = authContext.AcquireTokenSilentAsync(scopes, clientId, new UserIdentifier(userId, UserIdentifierType.RequiredDisplayableId));

But everything I've tried so far gives me the error below.

The exception is: "Failed to acquire token silently. Call method AcquireToken"

The method I'm using to acquire the token in the first place is as below.

string authority = "https://login.microsoftonline.com/common";
var fileCache = new ADALTokenCache(User.Identity.GetUserId());
AuthenticationContext authContext = new AuthenticationContext(authority, fileCache);
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
                authCode, redirectUri, credential, scopes);

And the token cache I'm using is a DB implementation which I made from a tutorial which I cannot find again. If I watch the DB, I can see that new tokens are being inserted into the DB when AcquireTokenByAuthorizationCodeAsync is called.

Update:
This is my result from authResult when calling AcquireTokenByAuthorizationCodeAsync.

I have marked Virbonet's answer as the solution. I have not fixed it, but he did explain to me where I was going wrong.

AcquireTokenSilent cannot work if you are passing /common in the authority. Using "common" is equivalent to declaring that you don't know what tenant the user is from, hence ADAL cannot return a cached token from a specific tenant - user interaction is required to determine which tenant should be used. If you want to call AcquireTokenSilent you need to initialize the authority with the exact tenant of the incoming user, as in "https://login.microsoftonline.com/" + tenantID. Here tenantID is the tenantID from the current ClaimsPrincipal.
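The tenant-specific authority described in the answer above, as an added example that is not part of the original posts. It assumes the resource-based ADAL overload `AcquireTokenSilentAsync(resource, ClientCredential, UserIdentifier)` rather than the `scopes` call in the question, and that the sign-in middleware populated the Azure AD `tenantid` and `objectidentifier` claims; `SilentTokenHelper` and its method names are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Hypothetical helper, not from the original posts.
public static class SilentTokenHelper
{
    // Claim types Azure AD places on the signed-in user's ClaimsPrincipal.
    const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";
    const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Builds the tenant-specific authority. Anything that is not a GUID is
    // rejected so a malformed claim is never spliced into the authority URL.
    public static string BuildAuthority(ClaimsPrincipal user)
    {
        string tenantId = user.FindFirst(TenantIdClaim)?.Value;
        if (!Guid.TryParse(tenantId, out Guid parsed))
            throw new InvalidOperationException("No valid tenant id claim on the current principal.");
        return "https://login.microsoftonline.com/" + parsed.ToString("D");
    }

    // Returns a cached or refreshed token, or null when the user must sign in again.
    // 'cache' must be the same per-user cache that was passed to
    // AcquireTokenByAuthorizationCodeAsync when the token was first acquired.
    public static async Task<AuthenticationResult> TryAcquireSilentAsync(
        ClaimsPrincipal user, TokenCache cache, string resource, ClientCredential credential)
    {
        string objectId = user.FindFirst(ObjectIdClaim)?.Value;
        if (string.IsNullOrEmpty(objectId)) return null;

        var authContext = new AuthenticationContext(BuildAuthority(user), cache);
        try
        {
            return await authContext.AcquireTokenSilentAsync(
                resource, credential, new UserIdentifier(objectId, UserIdentifierType.UniqueId));
        }
        catch (AdalException ex) when (ex.ErrorCode == AdalError.FailedToAcquireTokenSilently)
        {
            // Nothing usable in the cache for this tenant and user:
            // the caller should redirect to the interactive sign-in flow.
            return null;
        }
    }
}
```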

This is the function call you need to use: AcquireTokenByAuthorizationCode() but not AcquireTokenSilent().

Hope this helps.
