如何使用带有承载令牌的C#REST API身份验证生成承载令牌? [英] How to generate Bearer Token using C# REST API Authenticate with Bearer Token?

问题描述

我试图创建webjob来执行令牌端点并生成承载令牌并执行Graph End Point to Query图吗?如何使用C#REST Api达到相同的目的?什么是令牌终点?以下是Postman工具中生成的令牌的屏幕截图.

I am trying to create webjob to execute Token end point and generate the bearer token and execute Graph End Point to Query graph? How can I achive the same using C# REST Api? What is token end point? Following is the screenshot for token genrated in Postman tool.

推荐答案

什么是令牌终点?

What is token end point?

https://login.windows.net/<tenant-id>/oauth2/token

---

如何使用C#REST Api实现相同的功能?

How can I achive the same using C# REST Api?

如果要在Azure AD OAuth中使用资源所有者密码凭据授予，则可以从以下

If you want to use Resource Owner Password Credentials Grant in Azure AD OAuth, you may get the answer from this blog. The following is the snippet from the blog.

注意:

1. 此外，请注意，资源所有者密码授予未提供同意，并且也不支持 MFA
2. 请使用本地进行测试

1. Furthermore, notice that resource owner password grant doesn't provide consent and doesn't support MFA either
2. Please test with native Azure AD application.
3. Add the user as the Application owner

以下是Azure AD OAuth中资源所有者所需的参数

The following are the parameters needed in Azure AD OAuth for resource owner

密码授予.

名称

说明

grant_type-OAuth 2授权类型:密码

grant_type - The OAuth 2 grant type: password

资源-使用令牌的应用程序，例如Microsoft Graph，Azure AD Graph或您自己的Restful服务

resource - The app to consume the token, such as Microsoft Graph, Azure AD Graph or your own Restful service

client_id-Azure AD中已注册应用程序的客户端ID

client_id - The Client Id of a registered application in Azure AD

用户名-Azure AD中的用户帐户

username -The user account in Azure AD

密码-用户帐户的密码

scope-可选，例如openid以获取ID Tok

scope - optional, such as openid to get Id Tok

演示代码:

using (HttpClient client = new HttpClient())
{
  var tokenEndpoint = @"https://login.windows.net/<tenant-id>/oauth2/token";
  var accept = "application/json";

  client.DefaultRequestHeaders.Add("Accept", accept);
  string postBody = @"resource=https%3A%2F%2Fgraph.microsoft.com%2F
  &client_id=<client id>
  &grant_type=password
  &username=xxx@xxx.onmicrosoft.com
  &password=<password>
  &scope=openid";

  using (var response = await client.PostAsync(tokenEndpoint, new StringContent(postBody, Encoding.UTF8, "application/x-www-form-urlencoded")))
  {
    if (response.IsSuccessStatusCode)
    {
      var jsonresult = JObject.Parse(await response.Content.ReadAsStringAsync());
      token = (string)jsonresult["access_token"];
    }
  }
}

已更新:

根据您的评论，我还使用RestClient进行了演示.

According to your comment, I also do a demo with RestClient.

var tenantId = "xxxxxx";
var client = new RestClient("https://login.windows.net/");
var request = new RestRequest($"{tenantId}/oauth2/token", Method.POST);
//// easily add HTTP Headers
request.AddHeader("Accept", "application/json");
string postBody = @"resource=https://graph.microsoft.com/&client_id=xxxxx&grant_type=password&username=xxxxx&password=xxxxx&scope=openid";
request.AddParameter("application/x-www-form-urlencoded", postBody, ParameterType.RequestBody); //add request text body 
IRestResponse response = client.Execute(request);
var content = response.Content;
var token = JObject.Parse(content)["access_token"];

测试结果:

这篇关于如何使用带有承载令牌的C#REST API身份验证生成承载令牌?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！