Azure AD authentication error: failed_to_acquire_token_silently

Time: 2017-09-13 20:44:55

Tags: asp.net-core azure-active-directory openid-connect azure-ad-graph-api

While trying to authenticate users through Azure AD OpenIdConnect, my ASP.NET MVC Core application throws this error at random intervals:

failed_to_acquire_token_silently

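The workaround is to truncate ADAL's database table UserTokenCache.

I'm not sure what I'm doing wrong in my OWIN pipeline configuration.

After the user is authenticated, I want to acquire a token for the Graph API so that I can retrieve additional claims from Azure AD.

The exception is thrown from the catch block: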

    accessToken = authenticationContext.AcquireToken("https://graph.windows.net",
        clientCredential).AccessToken;

Here is the full method:

    /// <summary>
    /// This method has been adapted from generated code from a new ASP.NET MVC 5 project template
    /// when using Organisational Accounts authentication.
    /// This method acquires a Token from Azure AD in order to call its Graph API.
    /// The token is acquired using the currently logged in User's refresh token. 
    /// </summary>
    /// <param name="context"></param>
    /// <returns></returns>
    private async Task<string> GetTokenForApplicationAsync()
    {
        ClientCredential clientCredential =
            new ClientCredential(
                Configuration["Authentication:AzureAd:ClientId"],
                Configuration["Authentication:AzureAd:ClientSecret"]);

        AuthenticationContext authenticationContext =
            new AuthenticationContext(
                Configuration["Authentication:AzureAd:AADInstance"] +
                Configuration["Authentication:AzureAd:TenantId"],
                new ADALTokenCacheService(signedInUserID, Configuration));

        string accessToken = null;
        try
        {
            AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(
                     Configuration["Authentication:AzureAd:GraphResource"],
                    clientCredential,
                    new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

            accessToken = authenticationResult.AccessToken;
        }
        catch (AdalException e)
        {
            accessToken = authenticationContext.AcquireToken("https://graph.windows.net", 
                clientCredential).AccessToken;

        }

        return accessToken;
    }

I have already looked at this post, which is different from the problem I am dealing with.

0 answers:

No answers