чистое основное приложение. Я пытаюсь вызвать Graph API в моем приложении. Ниже мой код. Это политика, которую я применил поверх Controller.
[Authorize(Policy = "APGroupsOnly")]
Ниже политики, которую я добавил при запуске.
services.AddAuthorization(options =>
{
options.AddPolicy("APGroupsOnly", policy =>
policy.Requirements.Add(new GroupsCheckRequirement("YourGroupID")));
});
Я пытаюсь поразить apis от чванства. Ниже моя конфигурация чванства.
"ClientId": "my client id",
"ClientSecret": "my client secrete",
"AuthorizationUrl": "https://login.microsoftonline.com/myid/oauth2/authorize",
"TokenUrl": "https://login.microsoftonline.com/myid/oauth2/token"
Ниже мой файл MSGraphService.cs
public async Task<User> GetMeAsync(string accessToken)
{
User currentUserObject;
try
{
PrepareAuthenticatedClient(accessToken);
currentUserObject = await graphServiceClient.Me.Request().GetAsync();
}
catch (ServiceException e)
{
Debug.WriteLine("We could not fetch details of the currently signed-in user: " + $"{e}");
return null;
}
return currentUserObject;
}
private void PrepareAuthenticatedClient(string accessToken)
{
if (graphServiceClient == null)
{
// Create Microsoft Graph client.
try
{
graphServiceClient = new GraphServiceClient("https://graph.microsoft.com/.default",
new DelegateAuthenticationProvider(
async (requestMessage) =>
{
await Task.Run(() =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
});
}));
}
catch (Exception ex)
{
Debug.WriteLine($"Could not create a graph client {ex}");
}
}
}
Ниже мой GroupsCheckHandler
public class GroupsCheckHandler : AuthorizationHandler<GroupsCheckRequirement>
{
private IHttpContextAccessor _httpContextAccessor;
private readonly IMSGraphService graphService;
public GroupsCheckHandler(IHttpContextAccessor httpContextAccessor, IMSGraphService MSGraphService)
{
_httpContextAccessor = httpContextAccessor;
this.graphService = MSGraphService;
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, GroupsCheckRequirement requirement)
{
var accessToken = _httpContextAccessor.HttpContext.Request.Headers["Authorization"];
User me = await graphService.GetMeAsync(accessToken);
}
}
Всякий раз, когда я проверяю выполнение, я получаюследующая ошибка.
Не удалось получить сведения о текущем вошедшем в систему пользователе: Код состояния: не авторизован Microsoft.Graph.ServiceException: Код: InvalidAuthenticationToken Сообщение: сбой синтаксического анализа CompactToken с кодом ошибки: 80049217
Ниже приведен мой файл запуска.
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
azureActiveDirectoryOptions = configuration.GetSection("AzureAd").Get<AzureActiveDirectoryOptions>();
swaggerUIOptions = configuration.GetSection("Swagger").Get<SwaggerUIOptions>();
}
public IConfiguration Configuration { get; }
private readonly AzureActiveDirectoryOptions azureActiveDirectoryOptions;
private readonly SwaggerUIOptions swaggerUIOptions;
//
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient<IMSGraphService, MSGraphService>();
services
.AddAuthentication(o =>
{
o.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(o =>
{
o.Authority = azureActiveDirectoryOptions.Authority;
o.TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = new List<string>
{
azureActiveDirectoryOptions.AppIdUri,
azureActiveDirectoryOptions.ClientId
},
ValidateIssuer = true,
ValidateAudience = true,
ValidIssuer = "https://myorg.onmicrosoft.com/oauth2/default",
RoleClaimType = ClaimTypes.Role
};
});
services.AddMvc(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(policy));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_1); ;
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = swaggerUIOptions.AuthorizationUrl,
TokenUrl = swaggerUIOptions.TokenUrl,
Scopes = new Dictionary<string, string>
{
{"Read", "13469a45-a2ea-45a1-96e7-6580f57b6e30/.default" }
}
});
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", new[] { "readAccess", "writeAccess" } }
});
});
services.AddAuthorization(options =>
{
options.AddPolicy("APGroupsOnly", policy =>
policy.Requirements.Add(new GroupsCheckRequirement("YourGroupID")));
});
services.AddScoped<IAuthorizationHandler, GroupsCheckHandler>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.RoutePrefix = "swagger";
c.OAuthClientId(swaggerUIOptions.ClientId);
c.OAuthClientSecret(swaggerUIOptions.ClientSecret);
c.OAuthRealm(azureActiveDirectoryOptions.ClientId);
c.OAuthAppName("Swagger");
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
c.OAuthAdditionalQueryStringParams(new Dictionary<string, string>() { { "resource", azureActiveDirectoryOptions.AppIdUri } });
});
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc();
}
}
Может кто-нибудь помочь мне решить эту проблему? Любая помощь будет оценена. Спасибо.