如何在不使用对话框的情况下在Azure Active Directory中进行授权? [英] How to authorize in Azure Active Directory without using dialog?
问题描述
我的应用程序显示了所有用户的Power Bi帐户的仪表板,我正在通过对话框授权Azure Active Directory以获取访问令牌。我可以不使用授权对话框对我的凭据进行硬编码并获得访问令牌。
代码。它可以使用,但它使用的是授权对话框。
My application shows dashboard of my power bi account for all users, I am authorizing the Azure Active Directory through a dialog to get an access token. Can I hard code my credentials and get access token without using the authorization dialog. Code. It works but it is using the authorization dialog.
var @params = new NameValueCollection
{
{"response_type", "code"},
{"client_id", Properties.Settings.Default.ClientID},
{"resource", "https://analysis.windows.net/powerbi/api"},
{"redirect_uri", "http://localhost:13526/Redirect"}
};
var queryString = HttpUtility.ParseQueryString(string.Empty);
queryString.Add(@params);
string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
var authUri = String.Format("{0}?{1}", authorityUri, queryString);
Response.Redirect(authUri);
Redirect.aspx
string redirectUri = "http://localhost:13526/Redirect";
string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
string code = Request.Params.GetValues(0)[0];
TokenCache TC = new TokenCache();
AuthenticationContext AC = new AuthenticationContext(authorityUri, TC);
ClientCredential cc = new ClientCredential
(Properties.Settings.Default.ClientID,
Properties.Settings.Default.ClientSecret);
AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc);
Session[_Default.authResultString] = AR;
Response.Redirect("/Default.aspx");
Default.aspx
string responseContent = string.Empty;
System.Net.WebRequest request = System.Net.WebRequest.Create(String.Format("{0}dashboards", baseUri)) as System.Net.HttpWebRequest;
request.Method = "GET";
request.ContentLength = 0;
request.Headers.Add("Authorization", String.Format("Bearer {0}", authResult.AccessToken));
using (var response = request.GetResponse() as System.Net.HttpWebResponse)
{
using (var reader = new System.IO.StreamReader(response.GetResponseStream()))
{
responseContent = reader.ReadToEnd();
PBIDashboards PBIDashboards = JsonConvert.DeserializeObject<PBIDashboards>(responseContent);
}
}
推荐答案
I一次不使用ADAL进行此操作。对于Power BI来说,由于它们不提供应用程序权限,因此只能委派。
I did this once without using ADAL. For Power BI as well, since they don't offer application permissions, only delegated.
您需要用调用AAD令牌端点。 grant_type =密码
。您将在表单参数中指定用户名和密码,以及客户端ID,客户端密钥和资源URI。
What you need to is call the AAD token endpoint with grant_type=password
. You will specify the username and password, as well as the client id, client secret and resource URI in form parameters.
这是我编写的函数:
private async Task<string> GetAccessToken()
{
string tokenEndpointUri = Authority + "oauth2/token";
var content = new FormUrlEncodedContent(new []
{
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", Username),
new KeyValuePair<string, string>("password", Password),
new KeyValuePair<string, string>("client_id", ClientId),
new KeyValuePair<string, string>("client_secret", ClientSecret),
new KeyValuePair<string, string>("resource", PowerBiResourceUri)
}
);
using (var client = new HttpClient())
{
HttpResponseMessage res = await client.PostAsync(tokenEndpointUri, content);
string json = await res.Content.ReadAsStringAsync();
AzureAdTokenResponse tokenRes = JsonConvert.DeserializeObject<AzureAdTokenResponse>(json);
return tokenRes.AccessToken;
}
}
此处的权限为 https: //login.microsoftonline.com/tenant-id /
。这是我正在使用的响应类:
Authority here is https://login.microsoftonline.com/tenant-id/
. Here is the response class I'm using:
class AzureAdTokenResponse
{
[JsonProperty("access_token")]
public string AccessToken { get; set; }
}
这篇关于如何在不使用对话框的情况下在Azure Active Directory中进行授权?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!