
Access Required Response from Azure Active Directory

Going by the code provided by Microsoft (I'm assuming), I am unable to query my Azure Active Directory. Every time I call the following, I get a response of {Authorization Required.}:

ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
IPagedCollection<IUser> pagedCollection = await client.Users.ExecuteAsync();

I'm new to Azure Active Directory and I'm new to the Graph and thought that the samples provided would function. They do not, and I am hoping someone here can tell me either what is wrong with the code or how I grant myself authorization to my own directory. I thought the AccessKey would be the authentication method, but apparently that's useless, as it's not used in their examples.

Basically, to call a REST API that is protected by Azure AD, which supports OAuth 2.0 for authorizing third-party applications, we need to pass a bearer token.

And to go through the code sample, please ensure that you followed the list of steps in the README.md.

Note: there is something not clear in the README.md about configuring the permission. The code sample is using the Azure AD Graph instead of Microsoft Graph, so we need to choose Windows Azure Active Directory instead of Microsoft Graph when adding the permission. I have reported this issue here.

You can see that there is a static field named token in the class AuthenticationHelper, which is set when the user signs in, using the code in Startup.Auth.cs like below (not using a cert):

// Create a Client Credential Using an Application Key
ClientCredential credential = new ClientCredential(clientId, appKey);

// The signed-in user's object id keys the per-user token cache
string userObjectID = context.AuthenticationTicket.Identity.FindFirst(
    "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

// Redeem the authorization code for an access token scoped to graphResourceId
AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
    code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);

// This is the bearer token that ActiveDirectoryClient later sends to the Graph
AuthenticationHelper.token = result.AccessToken;

And here is the detailed process of acquiring the token via the OAuth 2.0 authorization code grant flow:

[image: OAuth 2.0 authorization code grant flow diagram]

For more detail about this flow you can refer here.
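The flow the answer describes, as an added example that is not part of the original answer or of the Microsoft sample: the same three steps the ADAL snippet performs (browser redirect to the authorize endpoint, back-channel code-for-token exchange, bearer header on the Graph call), written in Python as raw HTTP messages so each parameter is visible, plus the check that explains the "Authorization Required" reply in the question: the access token's aud claim must equal the resource the API expects, and a token issued for Microsoft Graph (https://graph.microsoft.com) is rejected by Azure AD Graph (https://graph.windows.net). The tenant name, client id, redirect URI and the tokens are constructed placeholders; the JWT decoding reads claims only and does not verify the signature, which a real relying party must do against the tenant's signing keys.

```python
"""Added example (not from the original post or the Microsoft sample):
OAuth 2.0 authorization-code exchange against Azure AD as raw HTTP
messages, and an aud-claim check for the resulting bearer token.
Tenant, client id, redirect URI and tokens below are constructed."""
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com/contoso.onmicrosoft.com"  # assumed tenant
AAD_GRAPH_RESOURCE = "https://graph.windows.net"    # Azure AD Graph, which the sample targets
MS_GRAPH_RESOURCE = "https://graph.microsoft.com"   # Microsoft Graph, the wrong choice for the sample
CLIENT_ID = "00000000-0000-0000-0000-000000000001"  # placeholder application id
REDIRECT_URI = "https://localhost:44322/"           # placeholder reply URL


def build_authorize_url(state: str) -> str:
    """Step 1: the browser redirect to the authorize endpoint (user signs in)."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "resource": AAD_GRAPH_RESOURCE,   # which API the token will be for
        "state": state,                   # binds the callback to this session
    }
    return f"{AUTHORITY}/oauth2/authorize?{urlencode(params)}"


def build_token_request(code: str, client_secret: str) -> tuple:
    """Step 2: the back-channel POST that AcquireTokenByAuthorizationCode sends."""
    body = {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": client_secret,   # the app key from the ClientCredential
        "code": code,
        "redirect_uri": REDIRECT_URI,     # must match the value used in step 1
        "resource": AAD_GRAPH_RESOURCE,
    }
    return f"{AUTHORITY}/oauth2/token", body


def graph_request_headers(access_token: str) -> dict:
    """Step 3: the bearer header for GET {AAD_GRAPH_RESOURCE}/<tenant>/users."""
    return {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}


def decode_jwt_payload(token: str) -> dict:
    """Read the claims of a compact JWT. Inspection only: no signature check."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_fits_resource(token: str, resource: str) -> bool:
    """The API answers 401 unless the token's aud is the API's own resource id."""
    return decode_jwt_payload(token).get("aud") == resource


def make_demo_jwt(claims: dict) -> str:
    """Constructed, unsigned token for this demo only; never accept alg=none in real code."""
    def b64(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    print(build_authorize_url("session-42"))
    endpoint, body = build_token_request("AQABAAAA...constructed", "app-key")
    print(endpoint, body["grant_type"])
    right = make_demo_jwt({"aud": AAD_GRAPH_RESOURCE, "tid": "contoso"})
    wrong = make_demo_jwt({"aud": MS_GRAPH_RESOURCE, "tid": "contoso"})
    print(token_fits_resource(right, AAD_GRAPH_RESOURCE),   # True
          token_fits_resource(wrong, AAD_GRAPH_RESOURCE))   # False: expect 401
    print(graph_request_headers(right)["Authorization"][:20])
```

When a call to client.Users.ExecuteAsync() comes back with 401, decode the token that AuthenticationHelper.token holds and compare its aud to the resource id you passed as graphResourceId; if the app registration was granted Microsoft Graph permissions instead of Windows Azure Active Directory permissions, the issued token will carry the wrong audience and the Azure AD Graph endpoint will refuse it exactly as described in the question.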
