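We built a Microsoft MVC application using Microsoft Graph with OWIN OAuth authentication. Everything seems to work for most users, but for a small number of users the silent token does not work.
Every time this user tries to access Microsoft Graph, we get AuthenticationFailure, Caller needs to authenticate, even though the user is able to log in.
For some reason, this user can now access OneDrive without us having done anything, but a few days ago it did not work. However, this person cannot access the SharePoint site. This person also has higher permissions than I do; he is one of the Office 365 / SharePoint administrators.
If we inspect the tokens, the cache is updated for these users when the user tries to log in again, and I have also tried deleting all of the cache to see whether that works.
We cannot find anything wrong with the code.
Not working: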
{
typ: "JWT",
nonce: "AQABAAAAAAA9kTklhVy7SJTGAzR-p1Bczrtr_wq7McwtSbPfo4aECokKdbsOZ1i6087v4nyBvi1qnYdsVoB1VvdentDl9EkV_det7OZvBatOHJhJDglpLCAA",
alg: "RS256",
x5t: "VWVIc1WD1Tksbb301sasM5kOq5Q",
kid: "VWVIc1WD1Tksbb301sasM5kOq5Q"
}.
{
aud: "https://graph.microsoft.com",
iss: "https://sts.windows.net/GUID/",
iat: 1503302799,
nbf: 1503302799,
exp: 1503306699,
acr: "1",
aio: "Y2FgYEgImX+jxi7wfviVJq/tp+LTb3+1+dhVdybllXxEqPnsvC4A",
amr: [
"pwd"
],
app_displayname: "App",
appid: "f53962c3-2bd4-4302-adcf-49d9a93ccef0",
appidacr: "1",
deviceid: "08c173b6-e694-4df7-9009-33d1bcd4816a",
e_exp: 262800,
family_name: "Last name",
given_name: "First name",
ipaddr: "217.10.98.37",
name: "First name Last name",
oid: "794781b4-0d07-45ba-886b-39de7db6cb26",
platf: "3",
puid: "10037FFE822DF7CE",
scp: "Files.Read Files.ReadWrite Files.ReadWrite.All Files.ReadWrite.AppFolder Sites.Read.All User.Read",
signin_state: [
"kmsi"
],
sub: "AWDO_-uMHsb5Z9_3_NZZXt0B9raHXf4WJDQyYDIndnw",
tid: "34e9a1f3-23e1-4ead-b2fd-41660c25cc47",
unique_name: "Firstname.Lastname@Company.com",
upn: "Firstname.Lastname@Company.com",
uti: "vS8Dt5Ti8UC-MfWzW9w4AA",
ver: "1.0",
wids: [
"62e90394-69f5-4237-9190-012177145e10"
]
}.
Working:
{
typ: "JWT",
nonce: "AQABAAAAAAA9kTklhVy7SJTGAzR-p1Bc8SYQkFxaUuQmF53LfeErsJ2wrzDuI3DNK5BeYrzqN2n6wBbg6m01AElY4d3MBVS5f6vEaT7zzHhxH4A-76fJmiAA",
alg: "RS256",
x5t: "VWVIc1WD1Tksbb301sasM5kOq5Q",
kid: "VWVIc1WD1Tksbb301sasM5kOq5Q"
}.
{
aud: "https://graph.microsoft.com",
iss: "https://sts.windows.net/GUID/",
iat: 1503302938,
nbf: 1503302938,
exp: 1503306838,
acr: "1",
aio: "ASQA2/8EAAAA29TpgRDNkbS6xeBrV4uP2ap1cS5uk8q8f6w/S9BDZAA=",
amr: [
"pwd"
],
app_displayname: "App",
appid: "f53962c3-2bd4-4302-adcf-49d9a93ccef0",
appidacr: "1",
e_exp: 262800,
family_name: "Last name",
given_name: "First name",
ipaddr: "217.10.98.37",
name: "First name Last name",
oid: "4f64d4db-8115-4f19-8554-bedf20688226",
platf: "3",
puid: "1003BFFD8CBEE8BE",
scp: "Files.Read Files.ReadWrite Files.ReadWrite.All Files.ReadWrite.AppFolder Sites.Read.All User.Read",
signin_state: [
"kmsi"
],
sub: "QrnV0lz7zBFkTPM9EJDavezILP96Uig45PpFxhRp3gk",
tid: "34e9a1f3-23e1-4ead-b2fd-41660c25cc47",
unique_name: "Firstname.Lastname@Company.com",
upn: "Firstname.Lastname@Company.com",
uti: "d9WDLYW2uE2UDIl6u9BKAA",
ver: "1.0"
}.
We are using the following code: https://github.com/microsoftgraph/aspnet-connect-sample
Here is some background: Microsoft Graph, upload to sharepoint drive: The caller is not authenticated
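When comparing a rejected and an accepted access token like the two dumps above, it helps to diff the claims mechanically and ignore values that change on every issuance. The following is an added example, not part of the original post or of the linked sample: the helper names, the `VOLATILE` ignore list and the shortened sample tokens are assumptions, built from claim values shown in the dumps. It decodes without verifying the signature, so it is for inspection only.

```python
import base64
import json

# Claims that change with every issuance or identify the user; differences in
# them are expected. This list is an assumption drawn from the two dumps above.
VOLATILE = {"nonce", "iat", "nbf", "exp", "aio", "uti", "oid", "puid", "sub"}


def _b64url(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token: str):
    """Return (header, claims) of a compact JWT. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url(parts[0])), json.loads(_b64url(parts[1]))


def diff_claims(failing: dict, working: dict, ignore=VOLATILE):
    """Report claims present in only one token, or in both with different values."""
    # scp is a space-separated string; compare it as a sorted list so order is irrelevant.
    norm = lambda k, v: sorted(v.split()) if k == "scp" else v
    f = {k: norm(k, v) for k, v in failing.items() if k not in ignore}
    w = {k: norm(k, v) for k, v in working.items() if k not in ignore}
    return {
        "only_failing": {k: f[k] for k in f.keys() - w.keys()},
        "only_working": {k: w[k] for k in w.keys() - f.keys()},
        "changed": {k: (f[k], w[k]) for k in f.keys() & w.keys() if f[k] != w[k]},
    }


def _make_token(claims: dict) -> str:
    # Constructed sample token with a dummy signature, built from claims in the dumps.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "sig"])


COMMON = {"aud": "https://graph.microsoft.com", "tid": "34e9a1f3-23e1-4ead-b2fd-41660c25cc47"}
FAILING = _make_token({**COMMON, "iat": 1503302799, "scp": "Files.Read Sites.Read.All User.Read",
                       "deviceid": "08c173b6-e694-4df7-9009-33d1bcd4816a",
                       "wids": ["62e90394-69f5-4237-9190-012177145e10"]})
WORKING = _make_token({**COMMON, "iat": 1503302938, "scp": "User.Read Files.Read Sites.Read.All"})

if __name__ == "__main__":
    print(diff_claims(decode_unverified(FAILING)[1], decode_unverified(WORKING)[1]))
```

On the constructed samples the only differences reported are `deviceid` and `wids`, which matches the two dumps above: both claims appear in the failing token only.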