'authority'应采用Uri格式参数名称:权限

时间:2015-05-22 19:54:56

标签: c# asp.net-mvc azure azure-active-directory adal

我根据这个例子开发了我的mvc应用程序: https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet

身份验证与Azure AAD完美配合,我可以看到用户已登录:

http://screencast.com/t/v7G6OgXC

但是在以下控制器中我想打印出一些APP属性,我得到上面的错误

  

'authority'应采用Uri格式参数名称:权限   描述:执行期间发生未处理的异常   当前的网络请求。请查看堆栈跟踪了解更多信息   有关错误的信息以及它在代码中的起源。

     

异常详细信息:System.ArgumentException:'authority'应该在   Uri格式参数名称:权限

我在控制器中的代码是这样的:

using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.IdentityModel.Protocols;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Globalization;
using System.Linq;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;

namespace PruebasAD.Controllers
{
    public class ActiveDirectoryController : Controller
    {
        private static string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
        private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
        private static string appKey = ConfigurationManager.AppSettings["ida:AppKey"];

        // GET: ActiveDirectory
        public ActionResult GetAzureAadApp()
        {
            // Instantiate an instance of ActiveDirectoryClient.
            Uri serviceRoot = new Uri(azureAdGraphApiEndPoint);
            ActiveDirectoryClient adClient = new ActiveDirectoryClient(
                serviceRoot,
                async () => await GetAppTokenAsync());

            // Create the extension property
            string extPropertyName = "VehInfo";
            ExtensionProperty extensionProperty = new ExtensionProperty()
            {
                Name = extPropertyName,
                DataType = "String",
                TargetObjects = { "User" }
            };

            Application app =(Application)adClient.Applications.Where(
                    a => a.AppId == clientId).ExecuteSingleAsync().Result;

            if (app == null)
            {
                throw new ApplicationException("Unable to get a reference to application in Azure AD.");
            }

            return View(app);
        }

        private static async Task<string> GetAppTokenAsync()
        {
            string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
            string appKey = ConfigurationManager.AppSettings["ida:AppKey"];
            string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
            string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
            string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
            string azureAdGraphApiEndPoint = ConfigurationManager.AppSettings["ida:AzureAdGraphApiEndPoint"];
            // This is the resource ID of the AAD Graph API.  We'll need this to request a token to call the Graph API.
            string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];

            string Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);

            // Instantiate an AuthenticationContext for my directory (see authString above).
            AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);

            // Create a ClientCredential that will be used for authentication.
            // This is where the Client ID and Key/Secret from the Azure Management Portal is used.
            ClientCredential clientCred = new ClientCredential(clientId, appKey);

            // Acquire an access token from Azure AD to access the Azure AD Graph (the resource)
            // using the Client ID and Key/Secret as credentials.
            AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(azureAdGraphApiEndPoint, clientCred);

            // Return the access token.
            return authenticationResult.AccessToken;
        }
    }


    public class CompanyInfo
    {
        public int Nit;
        public string Nombre;
    }
}

并且为安全性更改了一些更改的web.config 

<add key="ida:GraphResourceId" value="https://graph.windows.net" />
    <add key="ida:GraphUserUrl" value="https://graph.windows.net/{0}/me?api-version=2013-11-08" />
    <add key="ida:ClientId" value="xx-b1aa-42ab-9693-6c22d01ca338" />
    <add key="ida:AppKey" value="xx/6Vsq0CuhQyYVcR5Vggw=" />
    <add key="ida:Tenant" value="xx.onmicrosoft.com" />
    <add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
    <add key="ida:PostLogoutRedirectUri" value="https://localhost:44300/" />
    <add key="ida:AzureAdGraphApiEndPoint" value="https://graph.windows.net/xx-d5f0-453b-8f60-2be9b41b2ea0" />

1 个答案:

答案 0 :(得分:6)

您需要将Authority传递给AuthenticationContext()而不是aadInstance

// Instantiate an AuthenticationContext for my directory (see authString above).
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
相关问题
最新问题