How to get current token from Azure ActiveDirectory application

Problem description

I have an ASP.NET Application created using the Visual Studio 2013 project template. For security, I chose Azure Active Directory. I have all of the login working, but I'd like to start using the Graph API to manage users in my application. I have created an Application Key to use with Azure AD, but I'm not quite sure how to go about making graph calls.

I've studied the code at https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet, but using the graph API in that way requires a token.

Is there a way to get a token from my ASP.NET application after it has successfully logged into AD that I can use to call the graph API? Maybe by adding a method to Global.asax?

Is there another way to call the graph API from an ASP.NET application created with this project template?

Recommended answer

Indeed, you do need an OAuth token using which your web application can access the Graph API, on behalf of the logged in user. If you're using .Net, you are looking at the correct sample - OpenID Connect is the recommended protocol to sign-in the user and get an authorization code to access Graph API: https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet.


  1. The OpenIDConnect (SSO + Auth Code Grant flow) begins when the user clicks Sign-in link. See the _LoginPartial view (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/Views/Shared/_LoginPartial.cshtml) and the SignIn Action in the AccountController.
  2. The main magic happens in Startup.Auth.cs (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/App_Start/Startup.Auth.cs): It configures a delegate on the event AccessCodeReceived to redeem the OAuth Access Code for a Refresh Token and Access Token for the resource (Graph API) and puts the tokens in the token cache.
  3. See AuthUtils class (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/Utils/AuthUtils.cs): The GetAuthToken method first tries to retrieve an access token from the token cache. If the access token and refresh tokens have expired, it re-authenticates the user to populate the token cache with fresh refresh token.
  4. See TokenCacheUtils class (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/Utils/TokenCacheUtils.cs): It calls the AAD token endpoint to get an Access token for the resource (Graph API in your case), using the Refresh token using the code

Hope this helps
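
The cache-first lookup and refresh-token redemption described in steps 3 and 4 of the answer, as an added example that is not code from the answer or from the WebApp-GraphAPI-DotNet sample. It assumes .NET 6 or later, the Azure AD v1 token endpoint and the Azure AD Graph resource URI; `GraphTokenProvider` and its members are hypothetical names.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

// Added example: names are hypothetical, not the sample's AuthUtils/TokenCacheUtils.
public sealed class GraphTokenProvider
{
    private sealed record Entry(string AccessToken, string RefreshToken, DateTimeOffset ExpiresAt);

    private static readonly HttpClient Http = new HttpClient();
    // Keyed by the signed-in user's id so one user's tokens are never served to another.
    private readonly ConcurrentDictionary<string, Entry> _cache = new();
    private readonly string _tokenEndpoint, _clientId, _clientSecret, _resource;

    public GraphTokenProvider(string tenant, string clientId, string clientSecret,
                              string resource = "https://graph.windows.net") // assumed resource URI
    {
        _tokenEndpoint = $"https://login.microsoftonline.com/{tenant}/oauth2/token"; // assumed v1 endpoint
        _clientId = clientId; _clientSecret = clientSecret; _resource = resource;
    }

    // Called once at sign-in, after the authorization code has been redeemed.
    public void Store(string userId, string accessToken, string refreshToken, int expiresInSeconds) =>
        _cache[userId] = new Entry(accessToken, refreshToken, DateTimeOffset.UtcNow.AddSeconds(expiresInSeconds));

    // Returns a usable access token, or null when the user must go back through sign-in.
    public async Task<string?> GetAccessTokenAsync(string userId)
    {
        if (!_cache.TryGetValue(userId, out var e)) return null;
        if (e.ExpiresAt > DateTimeOffset.UtcNow.AddMinutes(5)) return e.AccessToken; // still fresh
        using var form = new FormUrlEncodedContent(new Dictionary<string, string> {
            ["grant_type"] = "refresh_token", ["refresh_token"] = e.RefreshToken,
            ["client_id"] = _clientId, ["client_secret"] = _clientSecret, ["resource"] = _resource });
        using var resp = await Http.PostAsync(_tokenEndpoint, form);
        // Refresh token expired or revoked: drop the entry so stale tokens are not reused.
        if (!resp.IsSuccessStatusCode) { _cache.TryRemove(userId, out _); return null; }
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        var exp = doc.RootElement.GetProperty("expires_in"); // may arrive as a JSON string or a number
        int seconds = exp.ValueKind == JsonValueKind.String ? int.Parse(exp.GetString()!) : exp.GetInt32();
        // Keep the old refresh token if the response does not rotate it.
        string refresh = doc.RootElement.TryGetProperty("refresh_token", out var r) ? r.GetString()! : e.RefreshToken;
        Store(userId, doc.RootElement.GetProperty("access_token").GetString()!, refresh, seconds);
        return _cache[userId].AccessToken;
    }
}
```

Load the client secret from protected configuration rather than source, and keep access and refresh tokens out of logs and error pages.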
