在MVC應用程序中獲取訪問令牌

Question

我正在嘗試檢索訪問令牌，以便可以存儲它，並在以后將其傳遞給ExchangeService。 Startup.Auth看起來像這樣：

 app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = clientId,
                Authority = authority,
                UseTokenLifetime = false,
                /*
                * Skipping the Home Realm Discovery Page in Azure AD
                * http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
                */
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    RedirectToIdentityProvider = OpenIdConnectNotification.RedirectToIdentityProvider,
                    MessageReceived = OpenIdConnectNotification.MessageReceived,
                    SecurityTokenReceived = OpenIdConnectNotification.SecurityTokenReceived,
                    SecurityTokenValidated = OpenIdConnectNotification.SecurityTokenValidated,
                    AuthorizationCodeReceived = OpenIdConnectNotification.AuthorizationCodeReceived,
                    AuthenticationFailed = OpenIdConnectNotification.AuthenticationFailed
                },

            });

然后在SecurityTokenValidated中，我這樣做：

public static async Task<Task>  SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        var authContext = new AuthenticationContext(aadInstance + "/oauth2/token", false);
        var authResult =await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code,
            new Uri(aadInstance), new ClientAssertion(clientId, "‎5a95f1c6be7bf3c61f6392ec84ddd044acef61d9"));
        var accessToken = authResult.Result.AccessToken;
        context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
        return Task.FromResult(0);
    }

我沒有收到任何錯誤，但是應用程序掛在這行上：

 var accessToken = authResult.Result.AccessToken;

ClientAssertion是使用我已在IIS中安裝的SSL證書的指紋構造的，不確定該證書的類型是否正確...

更新：我更新了SecurityTokenValidated以反映Saca的評論，但是我收到“ AADSTS50027：無效的JWT令牌。令牌格式無效”這樣的錯誤。 我也嘗試了這段代碼：

   string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
            string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            var authContext = new AuthenticationContext(aadInstance, false);
            var cert = new X509Certificate2("...", "...");
            var cacert = new ClientAssertionCertificate(clientId, cert);
            var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(aadInstance), cacert);
            var accessToken = authResult.AccessToken;
            context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
            return Task.FromResult(0);

但是這樣我得到“ AADSTS70002：驗證憑據出錯。AADSTS50012：客戶端斷言包含無效簽名。”

Answer 1

應用程序掛起，因為您通過訪問authResult的.Result阻止了異步任務的結果。

您應該將其更改為：

public static async Task SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
    string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
    string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
    var authContext = new AuthenticationContext(aadInstance + "/oauth2/token", false);
    var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code,
        new Uri(aadInstance), new ClientAssertion(clientId, "‎5a95f1c6be7bf3c61f6392ec84ddd044acef61d9"));
    var accessToken = authResult.AccessToken;
    context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
}

Answer 2

我設法獲得了訪問令牌：

 public static async Task<Task> SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
    {
        string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
        string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
        string source = ConfigurationManager.AppSettings["ExchangeOnlineId"];

        var authContext = new AuthenticationContext(aadInstance, false);
        var credentials = new ClientCredential(clientId, clientSecret);
        var appRedirectUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + "/";
        var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(appRedirectUrl), credentials, source);
        var accessToken = authResult.AccessToken;
        var applicationUserIdentity = new ClaimsIdentity(context.OwinContext.Authentication.User.Identity);
        applicationUserIdentity.AddClaim(new Claim("AccessToken", accessToken));
        context.OwinContext.Authentication.User.AddIdentity(applicationUserIdentity);
        return Task.FromResult(0);
    }

最初，我想使用ClientAssertion，因此不必公開客戶端的Secret，但是管理證書的工作太多了...

在MVC應用程序中獲取訪問令牌

問題描述

2 個解決方案

解決方案1
3 2016-07-13 07:23:39

解決方案2
1 已采納 2016-07-14 21:15:55

在MVC應用程序中獲取訪問令牌

問題描述

2 個解決方案

解決方案1 3 2016-07-13 07:23:39

解決方案2 1 已采納 2016-07-14 21:15:55

解決方案1
3 2016-07-13 07:23:39

解決方案2
1 已采納 2016-07-14 21:15:55