Azure AD Graph API not pulling user information


Problem description

I am using the Azure AD Graph API to pull user profile data from Active Directory. All my input parameters are correct, and the token is also generated with the code below. But it is not giving the user profile object as the response. response.IsSuccessStatusCode is always false. What may be my mistake here?

private readonly string graphUserUrl = "https://graph.windows.net/{0}/me?api-version=1.6";

string tenantName = "Microsoft.OnMicrosoft.com";
string authString = "https://login.microsoftonline.com/" + tenantName;
AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);
// Config for OAuth client credentials
ClientCredential clientCred = new ClientCredential(clientId, appKey);
string resource = "https://graph.windows.net";
string token = "";
try
{
    // Client credentials flow: the token is issued to the application, not to a user
    AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
    token = authenticationResult.AccessToken;
}
catch (AuthenticationException ex)
{
    // The exception is swallowed here, so token stays empty if authentication fails
}

UserProfile profile = null;
string requestUrl = String.Format(CultureInfo.InvariantCulture, graphUserUrl, HttpUtility.UrlEncode(tenantId));
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
HttpResponseMessage response = await client.SendAsync(request);

// Return the user's profile in the view.
if (response.IsSuccessStatusCode)
{
    string responseString = await response.Content.ReadAsStringAsync();
    profile = JsonConvert.DeserializeObject<UserProfile>(responseString);
}

Recommended answer

You were using the application-token to retrieve the user info. The error is expected since there is no such kind of sign-in user info in the token. To read user info using the application-token, we need to replace me with users/{id | userPrincipalName}, like the request below:

https://graph.windows.net/{tenant}/users/{id|userPrincipalName}?api-version=1.6

The application-token is usually used in a daemon service, which acquires it using the Client Credentials flow. For more detail about this flow, you can refer here.

If you want to use the me keyword, we need to use the delegate-token, which we can acquire using, for example, the OAuth 2 code grant flow. And based on the previous thread, it seems that you were developing with a web app. Please check the code sample here about developing with Azure AD Graph to show the profile. Here is the relevant code to acquire the token:

// Tenant and object id of the signed-in user, taken from the current principal's claims
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
// Token cache keyed by the user's object id
AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID));
ClientCredential credential = new ClientCredential(clientId, appKey);
// Acquire a token for the Graph resource on behalf of that user from the cache
AuthenticationResult result = await authContext.AcquireTokenSilentAsync(graphResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

And here is a helpful document about authentication scenarios for Azure AD:

Authentication Scenarios for Azure AD
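
The rule from the answer, as an added example that is not part of the original answer or of Microsoft's sample: it decodes the access token's payload for diagnostics and builds the me URL only for a delegated token, otherwise the users/{id|userPrincipalName} URL. It assumes delegated Azure AD tokens carry an scp claim and app-only tokens do not; the class name, helper names and sample tokens are constructed for illustration.

```csharp
using System;
using System.Text;
using Newtonsoft.Json.Linq;

public static class GraphUserEndpoint
{
    const string Base = "https://graph.windows.net/";

    // Decode the JWT payload (second segment, base64url). No signature check:
    // this is a client-side diagnostic, the Graph service validates the token itself.
    public static JObject DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new ArgumentException("Expected three dot-separated JWT segments.", nameof(jwt));
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Assumption: a delegated (user) token has an "scp" claim, an app-only token does not.
    public static bool IsDelegated(JObject payload) => payload["scp"] != null;

    public static string BuildUrl(string tenant, string accessToken, string userIdOrUpn)
    {
        string root = Base + Uri.EscapeDataString(tenant);
        if (IsDelegated(DecodePayload(accessToken)))
            return root + "/me?api-version=1.6";
        if (string.IsNullOrEmpty(userIdOrUpn))
            throw new InvalidOperationException("App-only token: pass an object id or userPrincipalName.");
        return root + "/users/" + Uri.EscapeDataString(userIdOrUpn) + "?api-version=1.6";
    }

    // Constructed, unsigned sample token for the demo below (not a real credential).
    static string FakeJwt(string payloadJson)
    {
        string seg = Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson));
        return "e30." + seg.TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
    }

    public static void Main()
    {
        string appOnly = FakeJwt("{\"appid\":\"00000000-0000-0000-0000-000000000000\",\"roles\":[\"Directory.Read.All\"]}");
        string delegated = FakeJwt("{\"scp\":\"User.Read\",\"upn\":\"alice@contoso.example\"}");
        Console.WriteLine(BuildUrl("contoso.example", appOnly, "alice@contoso.example"));
        Console.WriteLine(BuildUrl("contoso.example", delegated, null));
    }
}
```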