![](/img/trans.png)
[英]How to get access token from one MVC5 application to another MVC5 application
[英]Get access token in MVC application
我正在嘗試檢索訪問令牌,以便可以存儲它,並在以后將其傳遞給ExchangeService。 Startup.Auth看起來像這樣:
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
UseTokenLifetime = false,
/*
* Skipping the Home Realm Discovery Page in Azure AD
* http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/
*/
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = OpenIdConnectNotification.RedirectToIdentityProvider,
MessageReceived = OpenIdConnectNotification.MessageReceived,
SecurityTokenReceived = OpenIdConnectNotification.SecurityTokenReceived,
SecurityTokenValidated = OpenIdConnectNotification.SecurityTokenValidated,
AuthorizationCodeReceived = OpenIdConnectNotification.AuthorizationCodeReceived,
AuthenticationFailed = OpenIdConnectNotification.AuthenticationFailed
},
});
然后在SecurityTokenValidated中,我這樣做:
public static async Task<Task> SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
var authContext = new AuthenticationContext(aadInstance + "/oauth2/token", false);
var authResult =await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code,
new Uri(aadInstance), new ClientAssertion(clientId, "5a95f1c6be7bf3c61f6392ec84ddd044acef61d9"));
var accessToken = authResult.Result.AccessToken;
context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
return Task.FromResult(0);
}
我沒有收到任何錯誤,但是應用程序掛在這行上:
var accessToken = authResult.Result.AccessToken;
ClientAssertion是使用我已在IIS中安裝的SSL證書的指紋構造的,不確定該證書的類型是否正確...
更新:我更新了SecurityTokenValidated以反映Saca的評論,但是我收到“ AADSTS50027:無效的JWT令牌。令牌格式無效”這樣的錯誤。 我也嘗試了這段代碼:
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
var authContext = new AuthenticationContext(aadInstance, false);
var cert = new X509Certificate2("...", "...");
var cacert = new ClientAssertionCertificate(clientId, cert);
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(aadInstance), cacert);
var accessToken = authResult.AccessToken;
context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
return Task.FromResult(0);
但是這樣我得到“ AADSTS70002:驗證憑據出錯。AADSTS50012:客戶端斷言包含無效簽名。”
應用程序掛起,因為您通過訪問authResult的.Result阻止了異步任務的結果。
您應該將其更改為:
public static async Task SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
var authContext = new AuthenticationContext(aadInstance + "/oauth2/token", false);
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code,
new Uri(aadInstance), new ClientAssertion(clientId, "5a95f1c6be7bf3c61f6392ec84ddd044acef61d9"));
var accessToken = authResult.AccessToken;
context.AuthenticationTicket.Identity.AddClaim(new Claim("access_token", accessToken));
}
我設法獲得了訪問令牌:
public static async Task<Task> SecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> context)
{
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
string source = ConfigurationManager.AppSettings["ExchangeOnlineId"];
var authContext = new AuthenticationContext(aadInstance, false);
var credentials = new ClientCredential(clientId, clientSecret);
var appRedirectUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase + "/";
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, new Uri(appRedirectUrl), credentials, source);
var accessToken = authResult.AccessToken;
var applicationUserIdentity = new ClaimsIdentity(context.OwinContext.Authentication.User.Identity);
applicationUserIdentity.AddClaim(new Claim("AccessToken", accessToken));
context.OwinContext.Authentication.User.AddIdentity(applicationUserIdentity);
return Task.FromResult(0);
}
最初,我想使用ClientAssertion,因此不必公開客戶端的Secret,但是管理證書的工作太多了...
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.