ADAL.NET-从API向API验证OnBehalfOf时,为什么需要AcquireTokenAsync?
[英]ADAL.NET - why is AcquireTokenAsync needed when authenticating OnBehalfOf from an API to an API?
问题描述
The canonical pattern for getting access tokens using ADAL.NET looks like this: 
使用ADAL.NET获取访问令牌的规范模式如下所示:
try
{
result = await authContext.AcquireTokenSilentAsync(graphResourceId, clientId);
}
catch (AdalException adalException)
{
if (adalException.ErrorCode == AdalError.FailedToAcquireTokenSilently || adalException.ErrorCode == AdalError.UserInteractionRequired)
{
result = await authContext.AcquireTokenAsync(graphResourceId,
clientCred,
userAssertion);
}
}
Supposedly AcquireTokenSilentAsync attempts to retrieve a token without user interaction, while AcquireTokenAsync prompts the user for permission. 假设AcquireTokenSilentAsync尝试在没有用户交互的情况下检索令牌,而AcquireTokenAsync提示用户进行许可。 However...This function is being called within a Web API that's trying to call another Web API - so there's no way to prompt the user for permission at all. 但是...正在尝试调用另一个Web API的Web API中调用此函数-因此根本无法提示用户许可。 Which one do I use? 我要使用哪一个? Do I need to use both? 我需要同时使用两者吗?
1 个解决方案
解决方案1
2 2019-02-07 23:00:49
Typically, you just use the second (with userAssertion) since that's all you have in a WebAPI - the incoming token of a user of the client calling you. 通常,您只需要使用第二个(带有userAssertion),因为这就是WebAPI中的全部内容-调用您的客户端用户的传入令牌。 Note that this API will NOT prompt the user - that a different signature with PlatfromParameters. 请注意,此API不会提示用户-使用PlatfromParameters的其他签名。 This API will exchange an incoming token addressed to this API for a token addressed to the API this one needs to call. 该API会将指向该API的传入令牌交换为寻址到该API的令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.