将authProvider与MS SDK一起用于C#中的图形调用 [英] Using authProvider with MS SDK for graph calls in C#
问题描述
我正在尝试创建一个C#控制台应用程序以连接到图形API并从一个租户处从AzureAD获取用户列表.我已经注册了该应用,管理员已给我以下内容
I'm trying create a C# console application to connect to graph API and get a list of users from AzureAD from a tenant. I have registered the app and the admin has given me the following
- 租户名称和租户ID
- 客户端ID(有时也称为应用ID)
- 客户机密
使用SDK我需要使用的C#代码如下所示( https://docs.microsoft.com/zh-CN/graph/api/user-list?view=graph-rest-1.0&tabs=cs ):
Using the sdk the C# code I need to use looks like this (https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=cs):
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var users = await graphClient.Users
.Request()
.GetAsync();
但是,控制台应用程序将作为批处理进程运行,因此根本没有用户交互.因此,为了提供authProvider,我在MS docs网站上关注了这篇文章: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS
However, the console application will run as a batch process so there will be no user interaction at all. So in order to provide the authProvider I followed this article on MS docs site: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS
我认为出于我的目的,我需要参加客户端凭据OAuth流程".该URL上显示的代码.但是这里也是.
And I think for my purpose I need to go for the "Client Credential OAuth flow". The code which is shown on that URL. But here it is too.
IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential);
ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);
问题在于Visual Studio无法识别ClientCredentialProvider类.我不确定要导入哪个程序集.我在顶部使用以下用法.
The trouble is that Visual Studio does not recognise ClientCredentialProvider class. I'm not sure which assembly to import. I'm using the following usings in the top.
using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Clients;
using Microsoft.IdentityModel;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
我对GitHub存储库不是很有经验,并且我正在使用Visual Studio 2015.我看过但找不到. MS有一些讲座,但是他们使用另一种身份验证提供程序,它是交互式身份验证,这不是我想要的.我想使用TenantId/ClientId和Client Secret获取令牌.
I'm not very experienced with GitHub repos and I'm using Visual Studio 2015. I would be interested in sample code; I have looked but cannot find any. MS have some lectures but they use another type of auth Provider which is authenticating interactively which is not what I'm looking for. I want obtain the token using the TenantId/ClientId and Client Secret.
推荐答案
ClientCredentialProvider 是Microsoft.Graph.Auth程序包的一部分.您可以在 https://github.com/microsoftgraph/msgraph-sdk上了解有关此软件包的更多信息. -dotnet-auth
ClientCredentialProvider is part of the Microsoft.Graph.Auth package. You can read more about this package at https://github.com/microsoftgraph/msgraph-sdk-dotnet-auth
请注意,此软件包当前(截至2019年5月15日)处于预览状态,因此您可能需要等待,然后才能在生产应用程序中使用它.
Note that this package is currently (as of 2019-05-15) in preview, so you may want to wait before using this in a production application.
或者,下面的示例使用 .NET的Microsoft身份验证库 (MSAL)直接使用仅应用程序身份验证来设置Microsoft Graph SDK:
Alternatively, the following example uses the Microsoft Authentication Library for .NET (MSAL) directly to set up the Microsoft Graph SDK using app-only authentication:
// The Azure AD tenant ID or a verified domain (e.g. contoso.onmicrosoft.com)
var tenantId = "{tenant-id-or-domain-name}";
// The client ID of the app registered in Azure AD
var clientId = "{client-id}";
// *Never* include client secrets in source code!
var clientSecret = await GetClientSecretFromKeyVault(); // Or some other secure place.
// The app registration should be configured to require access to permissions
// sufficient for the Microsoft Graph API calls the app will be making, and
// those permissions should be granted by a tenant administrator.
var scopes = new string[] { "https://graph.microsoft.com/.default" };
// Configure the MSAL client as a confidential client
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority($"https://login.microsoftonline.com/$tenantId/v2.0")
.WithClientSecret(clientSecret)
.Build();
// Build the Microsoft Graph client. As the authentication provider, set an async lambda
// which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
// and inserts this access token in the Authorization header of each API request.
GraphServiceClient graphServiceClient =
new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
})
);
// Make a Microsoft Graph API query
var users = await graphServiceClient.Users.Request().GetAsync();
(请注意,此示例使用Microsoft.Identity.Client程序包的最新版本.早期版本(版本3之前)未包含 ConfidentialClientApplicationBuilder .)
(Note that this example uses the latest version of the Microsoft.Identity.Client package. Earlier versions (before version 3) did not include ConfidentialClientApplicationBuilder.)
这篇关于将authProvider与MS SDK一起用于C#中的图形调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
