[英]ADAL.NET - why is AcquireTokenAsync needed when authenticating OnBehalfOf from an API to an API?
The canonical pattern for getting access tokens using ADAL.NET looks like this: 使用ADAL.NET获取访问令牌的规范模式如下所示:
try
{
result = await authContext.AcquireTokenSilentAsync(graphResourceId, clientId);
}
catch (AdalException adalException)
{
if (adalException.ErrorCode == AdalError.FailedToAcquireTokenSilently || adalException.ErrorCode == AdalError.UserInteractionRequired)
{
result = await authContext.AcquireTokenAsync(graphResourceId,
clientCred,
userAssertion);
}
}
Supposedly AcquireTokenSilentAsync
attempts to retrieve a token without user interaction, while AcquireTokenAsync
prompts the user for permission. 假设
AcquireTokenSilentAsync
尝试在没有用户交互的情况下检索令牌,而AcquireTokenAsync
提示用户进行许可。 However...This function is being called within a Web API that's trying to call another Web API - so there's no way to prompt the user for permission at all. 但是...正在尝试调用另一个Web API的Web API中调用此函数-因此根本无法提示用户许可。 Which one do I use?
我要使用哪一个? Do I need to use both?
我需要同时使用两者吗?
Typically, you just use the second (with userAssertion) since that's all you have in a WebAPI - the incoming token of a user of the client calling you. 通常,您只需要使用第二个(带有userAssertion),因为这就是WebAPI中的全部内容-调用您的客户端用户的传入令牌。 Note that this API will NOT prompt the user - that a different signature with PlatfromParameters.
请注意,此API不会提示用户-使用PlatfromParameters的其他签名。 This API will exchange an incoming token addressed to this API for a token addressed to the API this one needs to call.
该API会将指向该API的传入令牌交换为寻址到该API的令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.