I am using the Azure AD Graph API to pull user profile data from Active Directory. All of my input parameters are correct, and I also generate the token with the code below. But it does not return the user profile object as the response: response.IsSuccessStatusCode is always false. What could be my mistake?
```csharp
// clientId, appKey, tenantId and the UserProfile type are defined elsewhere in the asker's project.
private readonly string graphUserUrl = "https://graph.windows.net/{0}/me?api-version=1.6";

string tenantName = "Microsoft.OnMicrosoft.com";
string authString = "https://login.microsoftonline.com/" + tenantName;
AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);

// Config for OAuth client credentials
ClientCredential clientCred = new ClientCredential(clientId, appKey);
string resource = "https://graph.windows.net";
string token = "";
try
{
    AuthenticationResult authenticationResult = authenticationContext.AcquireToken(resource, clientCred);
    token = authenticationResult.AccessToken;
}
catch (AuthenticationException ex)
{
    // The exception is swallowed here, so a failed token request leaves token empty
    // and the Graph call below is sent with an empty Bearer header.
}

UserProfile profile;
string requestUrl = String.Format(CultureInfo.InvariantCulture, graphUserUrl, HttpUtility.UrlEncode(tenantId));
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
//HttpResponseMessage response = await client.SendAsync(request);
HttpResponseMessage response = client.SendAsync(request).Result;

// Return the user's profile in the view.
if (response.IsSuccessStatusCode)
{
    // The method is not async, so the body is read synchronously to match SendAsync(...).Result above.
    string responseString = response.Content.ReadAsStringAsync().Result;
    profile = JsonConvert.DeserializeObject<UserProfile>(responseString);
}
```
Answer 0 (score: 3)
You are using an application token to retrieve the user information. Since a token like this carries no signed-in-user information, the error is expected. To read user information with an application token, we need to replace `me` with `users/{id | userPrincipalName}`, as in the request below:

https://graph.windows.net/{tenant}/users/{id|userPrincipalName}?api-version=1.6

Application tokens are typically used by daemon services, which obtain them through the client credentials flow. For more details on this flow, please refer to here.

If you want to use the `me` keyword, we need to use a delegated token, which we can obtain with the OAuth 2 code grant flow. Based on the previous thread, it seems you are developing a web application. Please check the code sample here about developing with Azure AD Graph to display the profile. Here is the relevant code for acquiring the token:
```csharp
// Delegated token for the signed-in user: the user's object id from the current claims is used
// to look up the cached token. Startup.Authority, NaiveSessionCache, clientId, appKey and
// graphResourceId are defined elsewhere in the referenced sample.
string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID));
ClientCredential credential = new ClientCredential(clientId, appKey);
AuthenticationResult result = await authContext.AcquireTokenSilentAsync(graphResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
```
Here is a helpful document about Azure AD authentication scenarios:
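The following is an added example, not code from the question or the answer above, showing the app-only path the answer describes end to end: acquire a client-credentials token with ADAL, call `/users/{userPrincipalName}` rather than `/me`, and surface the error body and `WWW-Authenticate` header when the call fails, so that an "IsSuccessStatusCode is always false" situation becomes diagnosable instead of silent. It assumes ADAL 3.x (`Microsoft.IdentityModel.Clients.ActiveDirectory`) and Newtonsoft.Json; `tenant`, `clientId`, `appKey` and `userPrincipalName` are placeholders supplied by the caller, and the `UserProfile` type is a minimal one defined here.

```csharp
// Added example (not from the question or answer). Assumes ADAL 3.x and Newtonsoft.Json;
// tenant, clientId, appKey and userPrincipalName are caller-supplied placeholders.
using System;
using System.Globalization;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Newtonsoft.Json;

// Minimal view of an Azure AD Graph v1.6 user; property names match the JSON returned by Graph.
public class UserProfile
{
    public string displayName { get; set; }
    public string userPrincipalName { get; set; }
    public string mail { get; set; }
}

public static class GraphAppOnlyClient
{
    private const string GraphResource = "https://graph.windows.net";
    // /users/{upn} instead of /me: an application token has no signed-in user for /me to resolve.
    private const string UserUrl = "https://graph.windows.net/{0}/users/{1}?api-version=1.6";

    public static async Task<string> AcquireAppTokenAsync(string tenant, string clientId, string appKey)
    {
        // Client-credentials flow: the resulting token identifies the application, not a user.
        var authContext = new AuthenticationContext("https://login.microsoftonline.com/" + tenant, false);
        var clientCred = new ClientCredential(clientId, appKey);
        AuthenticationResult result = await authContext.AcquireTokenAsync(GraphResource, clientCred);
        return result.AccessToken;
    }

    public static async Task<UserProfile> GetUserAsync(string tenant, string token, string userPrincipalName)
    {
        string requestUrl = string.Format(CultureInfo.InvariantCulture, UserUrl,
            Uri.EscapeDataString(tenant), Uri.EscapeDataString(userPrincipalName));

        using (var client = new HttpClient())
        using (var request = new HttpRequestMessage(HttpMethod.Get, requestUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            HttpResponseMessage response = await client.SendAsync(request);

            // Read the body in every case: on 401/403 it explains why the token was rejected.
            string body = await response.Content.ReadAsStringAsync();
            if (!response.IsSuccessStatusCode)
            {
                string wwwAuth = response.Headers.WwwAuthenticate.ToString();
                throw new InvalidOperationException(
                    $"Graph returned {(int)response.StatusCode} {response.ReasonPhrase}: {body} {wwwAuth}");
            }
            return JsonConvert.DeserializeObject<UserProfile>(body);
        }
    }

    // Usage: string token = await AcquireAppTokenAsync("contoso.onmicrosoft.com", clientId, appKey);
    //        UserProfile user = await GetUserAsync("contoso.onmicrosoft.com", token, "alice@contoso.onmicrosoft.com");
}
```

Reading the body before checking the status code is the key difference from the question's code: with an application token a `/me` request fails with a user-context error that only appears in the response body, which the original `if (response.IsSuccessStatusCode)` branch never looks at. The same client works for delegated tokens, since the `/users/{upn}` URL is valid for both token types.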