[英]How can I update an online Excel sheet in regular server tasks?
Needs I need to be able to sync an online Excel spreadsheet with data from my database.需要我需要能够将在线 Excel 电子表格与我的数据库中的数据同步。
Question Per the Microsoft Graph api docs , these writes require Delegated (work or school account)
permissions, and can not be done with Application permissions.问题根据Microsoft Graph api 文档,这些写入需要
Delegated (work or school account)
权限,并且不能使用应用程序权限完成。 However, I need to run this regularly on my server without user interaction.但是,我需要在没有用户交互的情况下在我的服务器上定期运行它。 I have not yet found a way to obtain a token with the
Delegated (work or school account)
permission type without user interaction.我还没有找到一种无需用户交互即可获取具有
Delegated (work or school account)
权限类型的令牌的方法。 Is it possible to obtain the needed token/permissions on the server?是否可以在服务器上获得所需的令牌/权限?
So far I have read a great many pages on Microsoft's authentication flows and application scenarios (eg, this article and many downstream from it), but I have not been able to find a suitable path forward.到目前为止,我已经阅读了很多关于 Microsoft 的身份验证流程和应用场景的页面(例如, 这篇文章和它的许多下游文章),但我一直无法找到合适的前进道路。 From this research so far, the daemon application workflow seems most appropriate except that, so far as I can tell, it only allows Application permissions.
从目前的研究来看,守护程序应用程序工作流似乎是最合适的,除了据我所知,它只允许应用程序权限。 The on-behalf-of flow seems like it might be an alternative, but 1. It seems odd that I should have to pick a Microsoft user to do this on behalf of, and 2. I'm not sure that I can authenticate a user once separate from the server process and then hang onto a token on the server (continuously refreshing it?).
代表流程似乎是另一种选择,但是 1. 我必须选择一个 Microsoft 用户来代表它执行此操作似乎很奇怪,并且 2. 我不确定我是否可以验证一个用户一旦与服务器进程分离,然后挂在服务器上的令牌上(不断刷新它?)。 Is there a way to make that work?
有没有办法让它工作? Is there a better way?
有没有更好的办法?
If the API in the document you mentioned in your question it your target API, then it's obviously that you can only use delegated api permission.如果你在问题中提到的文档中的 API 是你的目标 API,那么显然你只能使用委托的 api 权限。 In other words, you have to make a user to sign in first, and you can only modify the excel file which is in the drive item belonging to the signed in user (I sign in with my account and I can modify my excel file, but I can't modify your excel file).
换句话说,你必须让一个用户先登录,你只能修改属于登录用户的驱动器项中的 excel 文件(我用我的帐户登录,我可以修改我的 excel 文件,但我无法修改您的 excel 文件)。
Therefore, you don't want to have a user to sign in each time, but you still want to use this API, you can only try to use ROPC flow to hard code the user name & password(eg excel admin account's username and password) in the application and only make your application to modify the excel files which belonging to this account.所以,你不想每次都有一个用户登录,但你还是想用这个API,你只能尝试使用ROPC flow硬编码用户名和密码(例如excel admin帐户的用户名和密码) 在应用程序中,仅使您的应用程序修改属于该帐户的 excel 文件。
var scopes = new[] { "Files.ReadWrite" };
var tenantId = "tenant_id";
var clientId = "azure_ad_app_id";
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
var userName = "username";
var password = "password";
var userNamePasswordCredential = new UsernamePasswordCredential(
userName, password, tenantId, clientId, options);
var tokenRequestContext = new TokenRequestContext(scopes);
var request = await userNamePasswordCredential.GetTokenAsync(tokenRequestContext);
var res = request.Token;
Note that: As mentioned in this MsDoc , to update the properties of range object, you have to grant delegated API permissions only.
请注意:如本MsDoc中所述,要更新范围 object 的属性,您必须仅授予委托 API 权限。
I agree with @Tiny Wang , you can make use of ROPC Flow (but it is not recommended by Microsoft) where you can predefine username and password.我同意@Tiny Wang的观点,您可以使用ROPC Flow (但 Microsoft 不推荐),您可以在其中预定义用户名和密码。
I generated the access token using below parameters:我使用以下参数生成了访问令牌:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:ClientSecret
username:admin@xxx.onmicrosoft.com
password:****
grant_type:password
scope:https://graph.microsoft.com/Files.ReadWrite
By using the above access token, you can try updating the properties of range object like below:通过使用上面的访问令牌,您可以尝试更新范围 object 的属性,如下所示:
Authenticate a user once separate from the server process and then hang onto a token on the server (continuously refreshing it?)
一旦与服务器进程分离,就对用户进行身份验证,然后挂在服务器上的令牌上(不断刷新它?)
You can try increasing the lifetime of the access token if you don't want to refresh the access token continuously by referring this MsDoc .如果您不想通过引用此MsDoc连续刷新访问令牌,可以尝试增加访问令牌的生命周期。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.