Using MSAL in a machine-to-machine scenario as a CSP


Question

I am trying to use the GraphAPI using the official nuget library (https://github.com/microsoftgraph/msgraph-sdk-dotnet). However, the authentication process is not trivial and not very well documented.

I am a CSP partner in a machine-to-machine scenario, so there is no UI application with a redirect URL where a user manually enters their credentials to consent to access. But it seems to be the only scenario well documented or available in the samples I found... Even the official CSP documentation is not clear (https://developer.microsoft.com/en-us/graph/docs/concepts/auth_cloudsolutionprovider).

I previously used many other APIs in production (and TIP environment) as a CSP like MSOL, CrestAPI and AzureGraph, so all the configuration and registration of the application is not a problem.

Is it possible to use MSAL as a CSP in a machine-to-machine scenario? Is there any documentation or sample available for my use case?

Update

I think I am on the right track.

First, I had to register my app on apps.dev.microsoft.com. My apps were previously registered on portal.azure.com. Looks like AzureAD and Graph had different requirements related to where applications must be registered.

Second, I use the sample here: https://github.com/Azure-Samples/active-directory-dotnet-daemon-v2 .

Third, I am able to call the Graph API when I provide my CSP TenantId. However, when I try to call the Graph API using the TenantId of one of the tenants I manage, I got:

{
  "error": {
    "code": "Authorization_IdentityNotFound",
    "message": "The identity of the calling application could not be established.",
    "innerError": {
      "request-id": "7cab3137-b3e7-4622-9123-e47f2c018c56",
      "date": "2017-09-04T14:48:34"
    }
  }
}

(I cannot have the consent page in my use case so I tried to pre-consent my app for all consumers using: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_cloudsolutionprovider)

Recommended answer

You can use MSAL to perform the auth required for the Graph SDK. There are some code snippets of using the .NET Graph SDK with the MSAL, but your best bet is the Connect Sample that shows this in a working app.

For a complete guided sample of how to use MSAL and what the library does, check out the MSAL .NET Desktop Sample.
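
An added example, not part of the original question or answer and not code from the linked samples: the client-credentials (daemon) flow with MSAL.NET, acquiring one app-only token per tenant and reporting Graph failures per tenant, so a response like the Authorization_IdentityNotFound error quoted in the question is shown against the tenant that produced it. It assumes the MSAL.NET 4.x builder API (Microsoft.Identity.Client), an application permission that allows reading /organization, and the hypothetical environment variable names GRAPH_CLIENT_ID and GRAPH_CLIENT_SECRET.

```csharp
// Added example, not from the original post. Assumes MSAL.NET 4.x
// (NuGet: Microsoft.Identity.Client) and an app registration that holds an
// application permission able to read /organization.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class CspGraphDaemon
{
    // ".default" requests the application permissions already granted to the app.
    static readonly string[] Scopes = { "https://graph.microsoft.com/.default" };
    static readonly HttpClient Http = new HttpClient();

    // Acquires an app-only token issued by the given tenant, then calls Graph.
    static async Task<string> GetOrganizationAsync(string tenantId, string clientId, string secret)
    {
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithClientSecret(secret)
            .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
            .Build();
        AuthenticationResult token = await app.AcquireTokenForClient(Scopes).ExecuteAsync();

        using var request = new HttpRequestMessage(HttpMethod.Get,
            "https://graph.microsoft.com/v1.0/organization");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
        using HttpResponseMessage response = await Http.SendAsync(request);
        string body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            throw new HttpRequestException($"HTTP {(int)response.StatusCode}: {body}");
        return body;
    }

    // Usage: pass one tenant ID per argument (the CSP tenant, then customer tenants).
    static async Task Main(string[] tenantIds)
    {
        // Hypothetical variable names; keep the secret out of source control.
        string clientId = Environment.GetEnvironmentVariable("GRAPH_CLIENT_ID");
        string secret = Environment.GetEnvironmentVariable("GRAPH_CLIENT_SECRET");
        if (clientId == null || secret == null)
            throw new InvalidOperationException("Set GRAPH_CLIENT_ID and GRAPH_CLIENT_SECRET");
        foreach (string tenantId in tenantIds)
        {
            try { Console.WriteLine($"{tenantId}: {await GetOrganizationAsync(tenantId, clientId, secret)}"); }
            catch (Exception ex) when (ex is MsalException || ex is HttpRequestException)
            { Console.WriteLine($"{tenantId}: FAILED {ex.Message}"); }
        }
    }
}
```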
