
Microsoft Graph / Office 365 REST API login with service principal

Is it possible to log into MS or Azure Graph or the Office 365 REST API using a service principal? I am currently working on a multi-tenant application and with OAuth I don't like that it is possible that my refresh token expires.

You can use certificate-based application-based authentication.

When you have added an X.509 cert to the application's manifest, you should be able to use something like the following to get an application token. Bear in mind that this is an application login, so the permissions need to be on the application and not on the signed-in user.

using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

// authority is the tenant's token authority, e.g. https://login.microsoftonline.com/{tenantId}
var authenticationContext = new AuthenticationContext(authority);
// certBytes holds the PFX (certificate plus private key); the private key signs the client assertion
var cert = new X509Certificate2(certBytes, certificatePassword);
var clientAssertionCertificate = new ClientAssertionCertificate(clientId, cert);

var authenticationResult =
    await authenticationContext.AcquireTokenAsync(resourceToAuthenticate, clientAssertionCertificate);

Just building on the last answer. You should follow the information in this article: https://graph.microsoft.io/en-us/docs/authorization/app_only, which talks you through using the OAuth2.0 client_credential flow to acquire an application access token (with no user context), including how to get an administrator in your customer's tenants to authorize access for your multi-tenant application. The answer above uses the auth client library (ADAL) to show you how to acquire a token, but this can also be done using HTTP requests.

NOTE: You shouldn't need to worry about service principals etc. with the documented link above - that's all mechanics that happens under the covers through the consent/authorization flow.

Hope this helps, 希望这可以帮助,
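The two answers above describe the same mechanism from two sides: the first signs a client assertion with the app's certificate through ADAL, the second points out that the client_credentials flow is plain HTTP underneath. The following is an added example, not code from the question or from either answer, that does the HTTP version end to end in C#: it builds the RS256-signed JWT client assertion from an X509Certificate2 and posts it to the v1 token endpoint with the `resource` parameter, as the linked app-only documentation describes. The tenant id, client id, PFX path and password are placeholders; the code assumes .NET Core 3.0 or later (System.Text.Json, `using` declarations) and a certificate whose public half is registered in the app manifest.

```csharp
// Added example (not from the question or the answers above): OAuth 2.0
// client_credentials with a certificate-signed JWT client assertion, sent as
// plain HTTP requests instead of through ADAL. All ids and paths are placeholders.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class AppOnlyTokenClient
{
    // Base64url as required for JWTs (RFC 7515): URL-safe alphabet, no padding.
    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string TokenEndpoint(string tenantId) =>
        $"https://login.microsoftonline.com/{tenantId}/oauth2/token";

    // Builds the client assertion: a JWT signed with the certificate's private key (RS256).
    // Azure AD matches the signature to the certificate registered in the app manifest
    // via the x5t header (base64url of the SHA-1 thumbprint).
    public static string BuildClientAssertion(string tenantId, string clientId, X509Certificate2 cert)
    {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();

        var header = new Dictionary<string, object>
        {
            ["alg"] = "RS256",
            ["typ"] = "JWT",
            ["x5t"] = Base64Url(cert.GetCertHash()), // SHA-1 thumbprint of the registered cert
        };
        var claims = new Dictionary<string, object>
        {
            ["aud"] = TokenEndpoint(tenantId),   // assertion is only valid for this endpoint
            ["iss"] = clientId,
            ["sub"] = clientId,
            ["jti"] = Guid.NewGuid().ToString(), // unique id so a captured assertion cannot be replayed
            ["nbf"] = now,
            ["exp"] = now + 600,                 // keep the assertion short-lived (10 minutes)
        };

        string signingInput =
            Base64Url(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(header))) + "." +
            Base64Url(Encoding.UTF8.GetBytes(JsonSerializer.Serialize(claims)));

        using RSA rsa = cert.GetRSAPrivateKey()
            ?? throw new InvalidOperationException("Certificate has no RSA private key");
        byte[] signature = rsa.SignData(Encoding.UTF8.GetBytes(signingInput),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        return signingInput + "." + Base64Url(signature);
    }

    // Exchanges the assertion for an application access token (no user context).
    // The permissions that apply are the application permissions an admin consented to.
    public static async Task<string> AcquireAppTokenAsync(
        HttpClient http, string tenantId, string clientId, X509Certificate2 cert, string resource)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = clientId,
            ["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
            ["client_assertion"] = BuildClientAssertion(tenantId, clientId, cert),
            ["resource"] = resource, // v1 endpoint takes a resource URI rather than scopes
        });

        using HttpResponseMessage response = await http.PostAsync(TokenEndpoint(tenantId), form);
        string body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            throw new HttpRequestException($"Token request failed ({(int)response.StatusCode}): {body}");

        using JsonDocument doc = JsonDocument.Parse(body);
        return doc.RootElement.GetProperty("access_token").GetString();
    }

    public static async Task Main()
    {
        // Placeholders: the customer's tenant, your app registration and its certificate.
        const string tenantId = "<customer-tenant-id>";
        const string clientId = "<application-client-id>";
        var cert = new X509Certificate2("app-cert.pfx", "<pfx-password>");

        using var http = new HttpClient();
        string token = await AcquireAppTokenAsync(http, tenantId, clientId, cert, "https://graph.microsoft.com");
        Console.WriteLine($"Got application token ({token.Length} chars)");
    }
}
```

Two points worth noting for anyone operating this in production: the assertion's `aud` pins it to one tenant's token endpoint and its `exp` keeps it valid for minutes, so a leaked assertion has a small blast radius, whereas the PFX private key is the long-lived secret and belongs in a key store or HSM rather than on disk next to the code. Because the resulting token carries application permissions rather than a user's, the consent an administrator grants in each customer tenant is the only thing scoping what this code can read.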
