使用Microsoft Graph无需任何用户交互即可获取电子邮件 [英] Using Microsoft Graph to fetch emails without any user interaction

问题描述

我要做的就是为其他用户可以访问的用户ID获取电子邮件，而无需他们登录其Microsoft帐户.我看过许多SO帖子(此，此)，并查看了

All I am trying to do is to fetch emails for a userID which is accessible to other users without having them logging into their Microsoft accounts. I have looked at numerous SO posts (this), code samples (this, this) and looked into the specs of OpenID and other docs (this), but still not able to figure it out.

我已经在azure门户中注册了应用程序，并授予了必需的权限.使用示例应用，我可以获取用户列表，但不是电子邮件列表.我比较了用户查询和电子邮件查询的请求标头.两者看起来都一样.有人可以告诉我我在做什么错吗?

I have registered app in azure portal and granted required permissions. Using the sample app I am able to fetch user list, but not the email list. I compared the request headers for both user query and email query. Both look the same. Can someone please tell me what I am doing wrong?

代码如下:

Startup.Auth.cs

public static string clientId = "<CLIENT ID>";
public static string clientSecret = <CLIENT SECRET>;
private static string authority = "https://login.microsoftonline.com/common/v2.0";
public static string redirectUri = "https://localhost:44316/";

private void ConfigureAuth(IAppBuilder app)
{
   app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

   app.UseCookieAuthentication(new CookieAuthenticationOptions());

   app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
   {
       ClientId = clientId,
       Authority = authority,
       RedirectUri = redirectUri,
       PostLogoutRedirectUri = redirectUri,
       //Scope = "openid profile offline_access Mail.Read",
       Scope = "email profile openid offline_access User.Read Mail.Read",
       //ResponseType = "id_token",
       ResponseType = "code id_token",
       TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, NameClaimType = "name" },
       Notifications = new OpenIdConnectAuthenticationNotifications
       {
          AuthenticationFailed = this.OnAuthenticationFailedAsync,
          SecurityTokenValidated = this.OnSecurityTokenValidatedAsync
        }
    });
}

SyncController.cs

private const string AuthorityFormat = "https://login.microsoftonline.com/{0}/v2.0";
private const string MSGraphScope = "https://graph.microsoft.com/.default";
//private const string MSGraphQuery = "https://graph.microsoft.com/v1.0/users";
//private const string MSGraphQuery = "https://graph.microsoft.com/v1.0/me";
private const string MSGraphQuery = "https://graph.microsoft.com/v1.0/me/messages";

public async Task GetAsync(string tenantId)
{
    MSALCache appTokenCache = new MSALCache(Startup.clientId);

    // Get a token for the Microsoft Graph. If this line throws an exception for
    // any reason, we'll just let the exception be returned as a 500 response
    // to the caller, and show a generic error message to the user.
    ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(Startup.clientId, string.Format(AuthorityFormat, tenantId), Startup.redirectUri,
                                                                                   new ClientCredential(Startup.clientSecret), null, appTokenCache.GetMsalCacheInstance());
    AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(new[] { MSGraphScope });

    HttpClient client = new HttpClient();

    // Uses SendAsync
    /*HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery);
    request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
    //request.Headers.Add("client-request-id", System.Guid.NewGuid().ToString());
    //request.Headers.Add("return-client-request-id", "true");
    HttpResponseMessage response = await client.SendAsync(request);*/

    // Uses GetAsync
    client.BaseAddress = new System.Uri(MSGraphQuery);
    client.DefaultRequestHeaders.Accept.Clear();
    client.DefaultRequestHeaders.Add("Authorization", "Bearer " + authResult.AccessToken);
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    HttpResponseMessage response = await client.GetAsync(MSGraphQuery);
}

修改1: 以下是用户列表(有效)和电子邮件列表(无效)的请求和响应值:

Edit 1: Here are the request and response values for user list (working) and email list (not working):

Request body to fetch user list (working):

{Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/users', Version: 1.1, Content: <null>, Headers:
{
  Accept: application/json
  Authorization: Bearer eyJ0eXAiOiJKV...
}}


Response when fetching user list (working):

{StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Transfer-Encoding: chunked
  request-id: 02034f96-f519-4f5f-b47d-efb98dff0072
  client-request-id: 02034f96-f519-4f5f-b47d-efb98dff0072
  x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"South India","Slice":"SliceC","Ring":"5","ScaleUnit":"002","Host":"AGSFE_IN_8","ADSiteName":"INS"}}
  OData-Version: 4.0
  Duration: 76.0712
  Strict-Transport-Security: max-age=31536000
  Cache-Control: private
  Date: Fri, 02 Nov 2018 12:36:51 GMT
  Content-Type: application/json; odata.metadata=minimal; odata.streaming=true; IEEE754Compatible=false; charset=utf-8
}}


Request body to fetch emails (not working):

{Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me/mailFolders('Inbox')/messages', Version: 1.1, Content: <null>, Headers:
{
  Accept: application/json
  Authorization: Bearer eyJ0eXAiOiJKV...
}}    

Response when fetching list of emails (not working):

{StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Transfer-Encoding: chunked
  request-id: 5b728866-b132-404f-9986-70fc56e57c3c
  client-request-id: 5b728866-b132-404f-9986-70fc56e57c3c
  x-ms-ags-diagnostic: {"ServerInfo":{"DataCenter":"South India","Slice":"SliceC","Ring":"5","ScaleUnit":"002","Host":"AGSFE_IN_6","ADSiteName":"INS"}}
  Duration: 4205.8126
  Strict-Transport-Security: max-age=31536000
  Cache-Control: private
  Date: Fri, 02 Nov 2018 12:43:03 GMT
  Content-Type: application/json
}}

推荐答案

您正在使用Client_Credentials对REST调用中的/me路径对应用程序和进行身份验证.这两个不能一起工作.

You're using Client_Credentials to authenticate the app and using the /me path in your REST call. These two do not work together.

/me在后台被转换为当前已验证的用户(即/users/user@domain.由于您没有已被验证的用户，因此它根本不是"图表无法将您的请求转换为可行的调用.

Behind the scenes /me is translated into the currently authenticated user (i.e. /users/user@domain. Since you don't have a user authenticated, it simply isn't possible for the Graph to translate your request into an actionable call.

您需要使用其 id或其userPrincipalName :

You need to explicitly reference the user using either their id or their userPrincipalName:

 /v1.0/users/123e4567-e89b-12d3-a456-426655440000/mailFolders('Inbox')/messages
 /v1.0/users/user@yourdomain.com/mailFolders('Inbox')/messages

这篇关于使用Microsoft Graph无需任何用户交互即可获取电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！