我可以将Microsoft Graph SDK与Azure AD Easy Auth一起使用吗 [英] Can I use the Microsoft Graph SDK with Azure AD Easy Auth

问题描述

我在Azure上有一个C#.NET MVC Web应用程序，我已将其打开 Microsoft Graph SDK .

I have a C# .NET MVC Web App on Azure that I've turned Easy Auth on for Azure AD accounts. I would like to be able to use the Microsoft Graph SDK alongside it.

在上面链接的cgillum撰写的Easy Auth文章中，他说:

In the Easy Auth article written by cgillum linked above, he says:

我还将指出，我使用的是HTTP原语，而不是使用官方的Graph API客户端SDK.这主要是为了强调对Azure AD Graph API的访问可以用任何语言编写，并且不需要任何SDK(尽管您可以根据需要使用这些SDK).

I’ll also point out that I used HTTP primitives rather than using the official Graph API Client SDK. This was mainly to emphasize that access to the Azure AD Graph API can be written in any language and doesn’t require any SDKs (though you can certainly use the SDKs if you like).

我了解这是一年多以前编写的，并且考虑到了AAD Graph，但是他说可以使用AAD Graph SDK，所以MS Graph可以使用. (老实说，我很高兴看到任何一种方法，但是似乎在推动使用MS Graph而不是AAD Graph方面有很大的推动力)

I understand that this was written over a year ago and with AAD Graph in mind, but he said it was possible to use the AAD Graph SDK, so maybe it's possible for MS Graph. (I'd honestly be happy to see if either way, but there seems to be a big push to use MS Graph over AAD Graph)

当前，我能够对Microsoft Graph端点进行URL调用( https://graph.microsoft.com )在我的控制器中，如下所示:

Currently I'm able to make url calls to Microsoft Graph endpoint (https://graph.microsoft.com) in my controller like so:

public JObject GetMe()
{
    string accessToken = this.Request.Headers["X-MS-TOKEN-AAD-ACCESS-TOKEN"];
    var url = "https://graph.microsoft.com/v1.0/me"; // MS Graph

    using (var httpClient = new HttpClient())
    {
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        var response = httpClient.GetStringAsync(url).Result;
        var json = JObject.Parse(response);
        return json;
    }
}

这将返回:

{
   "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users/$entity",
   "id":"a4cxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
   "businessPhones":[
      "(xxx) xxx-xxxx"
   ],
   "displayName":"Ryan Taite",
   "givenName":"Ryan",
   "jobTitle":"xxxxxxxxxxxx",
   "mail":"xxxxxxx@xxxxxxx.xxxxx",
   "mobilePhone":"(xxx) xxx-xxxx",
   "officeLocation":"xxxxxxx",
   "preferredLanguage":"xxxxxxx",
   "surname":"Taite",
   "userPrincipalName":"xxxxxxx@xxxxxxx.xxxxx"
}

我仅限于构造url调用吗?
是否可以利用 Microsoft.Graph SDK 和Easy Auth，以便我可以进行如下呼叫，其中new AzureAuthenticationProvider()将以某种方式利用Easy Auth accessToken:

Am I restricted to constructing url calls?
Would it be possible to utilize the Microsoft.Graph SDK and Easy Auth so that I can make calls like below, where new AzureAuthenticationProvider() would utilize the Easy Auth accessToken somehow?:

public async Task<User> GetMeViaMsGraph()
{
    Microsoft.Graph.GraphServiceClient graphServiceClient = new Microsoft.Graph.GraphServiceClient(authenticationProvider:new AzureAuthenticationProvider());
    Microsoft.Graph.User user = await graphServiceClient.Me.Request().GetAsync();
    return user;
}

我在 msgraph-sdk-dotnet GitHub 上找到了概述部分，该部分讨论了 AuthenticationProvider ，但我仍然不确定我要问的内容是否可行.

I found on the msgraph-sdk-dotnet GitHub an Overview section that discusses the AuthenticationProvider but I'm still not certain if what I'm asking is doable or not.

---

更新:

按照下面的Nan Yu的示例，我能够获得预期的结果，但是我只是想在这里充实它，以防其他人看到.

Following Nan Yu's example below I was able to get the desired results, but I just want to flesh it out here in case others want to see.

在我的控制器中，我具有以下功能:

In my controller I have these functions:

// Get myself as a Microsoft.Graph User Object
public User GetMeViaMsGraph()
{
    string accessToken = this.Request.Headers["X-MS-TOKEN-AAD-ACCESS-TOKEN"];
    GraphServiceClient graphClient = new GraphServiceClient(new AzureAuthenticationProviderTest(accessToken)); // implementation not shown here, but it's the exact same as Nan Yu's
    User me = graphClient.Me.Request().GetAsync().Result;

    return me;
}

// Send the User object to my Index page
public ActionResult Index()
{
    return View(GetMeViaMsGraph());
}

我删除了async Task<User>和await，因为我遇到了问题并且需要继续前进.

I removed the async Task<User> and await because I was running into issues and needed to move on.

在我的Index.cshtml页面上，我可以快速显示我可以访问User对象及其数据:

On my Index.cshtml page I have this to quickly show that I can access the User object and its data:

@using Microsoft.Graph;

@model User

<div>
    @Model.DisplayName
    @Model.GivenName
    @Model.SurName
    @Model.JobTitle
</div>

推荐答案

SDK不支持所有API的功能，这是我们通常使用HTTP原语的另一个原因.但是，如果您仍然希望将Easy Auth与Microsoft.Graph SDK结合使用，则可以添加类似以下内容的类:

Not all API's features are supported by the SDKs , that is another reason we usually use HTTP primitives . But if you still want to use Easy Auth with Microsoft.Graph SDK , you add a class something like :

public class AzureAuthenticationProviderTest : IAuthenticationProvider
    {
        string accessToken = string.Empty;
        public AzureAuthenticationProviderTest(string accessToken) {
            this.accessToken = accessToken;

        }

        public async Task AuthenticateRequestAsync(HttpRequestMessage request)
        {
            try
            {

                // Append the access token to the request.
                request.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
            }
            catch (Exception ex)
            {
            }
        }
    }

传递您的访问令牌，并使用sdk，如:

Pass your access token and used the sdk like :

 string accessToken = "YourAccessToken";
 GraphServiceClient graphClient = new GraphServiceClient(new AzureAuthenticationProviderTest(accessToken));  
 var groupIDs = await graphClient.Users["UserUPN"].GetMemberGroups(false).Request().PostAsync();

这篇关于我可以将Microsoft Graph SDK与Azure AD Easy Auth一起使用吗的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！