来自 azure 活动目录的 C# CSOM Sharepoint Bearer 请求 [英] C# CSOM Sharepoint Bearer request from azure active directory

问题描述

我使用以下方法作为此基础(

我也为应用注册做了同样的事情，我们并没有真正使用它！仍然不确定应用程序注册是如何进入的)...

解决方案

所以这是可能的，只是微软告诉我们输入了错误的值.所有文档都说将 APP ID URI 放在资源中.但在我们的例子中，它需要是共享点网址.

所以我们有租户名称，在 azure 上标识域名，例如srmukdev.onmicrosoft.com

租户:srmukdev.onmicrosoft.com

应用程序 ID:这是在 azure 活动目录中注册的应用程序的 guid.

RedirectUri:这可以是任何网址(URI)，据我所知，它实际上并未用作移动应用程序的网址.

ResourceUrl:srmukdev.sharepoint.com

我用来获取令牌的代码如下，用于 WPF 示例.aadInstance 是 https://login.microsoftonline.com/{0}

private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance,tenant);public async void CheckForCachedToken(PromptBehavior propmptBehavior){////当应用程序启动时，尝试在不提示用户的情况下获取访问令牌.如果存在，则填充待办事项列表.如果没有，请继续.//AuthenticationResult 结果 = null;尝试{结果 = 等待 authContext.AcquireTokenAsync(resourceUrl, applicationId, redirectUri, new PlatformParameters(propmptBehavior));TokenTextBox.Text = result.AccessToken;//缓存中存在有效令牌 - 获取待办事项列表.GetTokenButton.Content = "清除缓存";}捕获(AdalException 前){if (ex.ErrorCode == "user_interaction_required"){//缓存中没有令牌.继续而不调用待办事项列表服务.}别的{//一个意料之外的问题发生了.字符串消息 = ex.Message;if (ex.InnerException != null){消息 += "内部异常:" + ex.InnerException.Message;}MessageBox.Show(message);}返回;}}

I am using the following approach as the basis of this (https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapi-dotnet).

I got all this example working after setting up azure. But now we need to port it to an actual existing mobile app and web api app. The mobile app can get the Bearer token, but when we pass it to the web api, we pass this in a CSOM request as follows, but we still get a 401 Unauthroised response.

public static ClientContext GetSharepointBearerClientContext(this JwtTokenDetails tokenDetails)
    {
        var context = new ClientContext(tokenDetails.SiteUrl);
        //context.AuthenticationMode = ClientAuthenticationMode.Anonymous;
        context.ExecutingWebRequest += new EventHandler<WebRequestEventArgs>((s, e) =>
        {
            e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + tokenDetails.BearerToken;
        });
        return context;
    }

Our web api doesn't use any of the tech as in the example above, as I presume that we should just be able to pass the token through the CSOM request in the header, but this is not working, what else could I look at?

I have assigned the Office 365 Sharepoint Online (Microsoft.Sharepoint) permission and set the following

I have also done the same for the app registration, which we don't really use! Still not sure how the app registration comes into it)...

解决方案

So this was possible, it was just microsoft telling us to put in an incorrect value. All the documentation says put the APP ID URI in the Resource. But in our case it needed to be the sharepoint url.

So we have the tenant name which on azure id the domain name e.g. srmukdev.onmicrosoft.com

Tenant: srmukdev.onmicrosoft.com

Application Id: This is the guid for the app registered in azure active directory.

RedirectUri: This can be any url(URI), its not actually used as a url for a mobile app as far as I can see.

ResourceUrl: srmukdev.sharepoint.com

The code I am using to get a token is as follows for a WPF example. The aadInstance is https://login.microsoftonline.com/{0}

private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

public async void CheckForCachedToken(PromptBehavior propmptBehavior)
    {
        //
        // As the application starts, try to get an access token without prompting the user.  If one exists, populate the To Do list.  If not, continue.
        //
        AuthenticationResult result = null;
        try
        {
            result = await authContext.AcquireTokenAsync(resourceUrl, applicationId, redirectUri, new PlatformParameters(propmptBehavior));
            TokenTextBox.Text = result.AccessToken;
            // A valid token is in the cache - get the To Do list.
            GetTokenButton.Content = "Clear Cache";
        }
        catch (AdalException ex)
        {
            if (ex.ErrorCode == "user_interaction_required")
            {
                // There are no tokens in the cache.  Proceed without calling the To Do list service.
            }
            else
            {
                // An unexpected error occurred.
                string message = ex.Message;
                if (ex.InnerException != null)
                {
                    message += "Inner Exception : " + ex.InnerException.Message;
                }
                MessageBox.Show(message);
            }
            return;
        }
    }

这篇关于来自 azure 活动目录的 C# CSOM Sharepoint Bearer 请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！