如何在不使用对话框的情况下在Azure Active Directory中进行授权?

时间:2016-11-28 11:20:13

标签: asp.net-mvc azure azure-active-directory powerbi powerbi-embedded

我的应用程序为所有用户显示了我的power bi帐户的仪表板,我通过对话框授权Azure Active Directory获取访问令牌。我可以硬编码我的凭据并获取访问令牌而无需使用授权对话框。 码。它有效但它正在使用授权对话框。

           var @params = new NameValueCollection
        {
            {"response_type", "code"},
            {"client_id", Properties.Settings.Default.ClientID},
            {"resource", "https://analysis.windows.net/powerbi/api"},
            {"redirect_uri", "http://localhost:13526/Redirect"}
        };


        var queryString = HttpUtility.ParseQueryString(string.Empty);
        queryString.Add(@params);

        string authorityUri = "https://login.windows.net/common/oauth2/authorize/";
        var authUri = String.Format("{0}?{1}", authorityUri, queryString);
        Response.Redirect(authUri);


        Redirect.aspx
        string redirectUri = "http://localhost:13526/Redirect";
        string authorityUri = "https://login.windows.net/common/oauth2/authorize/";

        string code = Request.Params.GetValues(0)[0];

        TokenCache TC = new TokenCache();

        AuthenticationContext AC = new AuthenticationContext(authorityUri, TC);
        ClientCredential cc = new ClientCredential
            (Properties.Settings.Default.ClientID,
            Properties.Settings.Default.ClientSecret);

        AuthenticationResult AR = AC.AcquireTokenByAuthorizationCode(code, new Uri(redirectUri), cc);

        Session[_Default.authResultString] = AR;

        Response.Redirect("/Default.aspx");
        Default.aspx
         string responseContent = string.Empty;

        System.Net.WebRequest request = System.Net.WebRequest.Create(String.Format("{0}dashboards", baseUri)) as System.Net.HttpWebRequest;
        request.Method = "GET";
        request.ContentLength = 0;
        request.Headers.Add("Authorization", String.Format("Bearer {0}", authResult.AccessToken));

        using (var response = request.GetResponse() as System.Net.HttpWebResponse)
        {
            using (var reader = new System.IO.StreamReader(response.GetResponseStream()))
            {
                responseContent = reader.ReadToEnd();
                PBIDashboards PBIDashboards = JsonConvert.DeserializeObject<PBIDashboards>(responseContent);
            }
        }

2 个答案:

答案 0 :(得分:4)

我没有使用ADAL就这样做了一次。对于Power BI,由于它们不提供应用程序权限,因此仅委托。

您需要使用grant_type=password调用AAD令牌端点。您将在表单参数中指定用户名和密码,以及客户端ID,客户端密钥和资源URI。

这是我写的函数:

private async Task<string> GetAccessToken()
{
    string tokenEndpointUri = Authority + "oauth2/token";

    var content = new FormUrlEncodedContent(new []
        {
            new KeyValuePair<string, string>("grant_type", "password"),
            new KeyValuePair<string, string>("username", Username),
            new KeyValuePair<string, string>("password", Password),
            new KeyValuePair<string, string>("client_id", ClientId),
            new KeyValuePair<string, string>("client_secret", ClientSecret),
            new KeyValuePair<string, string>("resource", PowerBiResourceUri)
        }
    );

    using (var client = new HttpClient())
    {
        HttpResponseMessage res = await client.PostAsync(tokenEndpointUri, content);

        string json = await res.Content.ReadAsStringAsync();

        AzureAdTokenResponse tokenRes = JsonConvert.DeserializeObject<AzureAdTokenResponse>(json);

        return tokenRes.AccessToken;
    }
}

此处的权限是https://login.microsoftonline.com/tenant-id/。这是我正在使用的响应类:

class AzureAdTokenResponse
{
    [JsonProperty("access_token")]
    public string AccessToken { get; set; }
}

答案 1 :(得分:0)

我希望使用UserCreadential你已经提供了azure订阅的用户名和密码,你可以获得AccessToken并调用你的api。我希望它能帮助你。

 string ResourceUrl="https://analysis.windows.net/powerbi/api";
 string ClientId=Properties.Settings.Default.ClientID;//as per your code
 AuthenticationContext authenticationContext = new AuthenticationContext(Constants.AuthString, false);
 UserCredential csr = new UserCredential("your-username", "password");
 AuthenticationResult authenticationResult = authenticationContext.AcquireToken(ResourceUrl,ClientId, usr);
 string token = authenticationResult.AccessToken;