How to use "Microsoft.Graph" instead of "Microsoft.Azure.ActiveDirectory.GraphClient" for Azure AD SSO B2B

Time: 2018-10-04 06:09:16

Tags: azure-active-directory microsoft-graph


I am creating an application for my web application, but I only want to use Microsoft.Graph instead of ActiveDirectory.GraphClient. If that is possible, how do I do it?

services.Configure<CookiePolicyOptions>(options =>
{
    options.CheckConsentNeeded = context => true;
    options.MinimumSameSitePolicy = SameSiteMode.None;
});

services.AddAuthentication(AzureADDefaults.AuthenticationScheme)
    .AddAzureAD(options => Configuration.Bind("AzureAd", options));

services.Configure<OpenIdConnectOptions>(AzureADDefaults.OpenIdScheme, options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        // ValidateIssuer = false accepts ID tokens issued by any Azure AD tenant;
        // for B2B sign-in the allowed tenants then have to be checked elsewhere (e.g. in OnTokenValidated).
        ValidateIssuer = false,
        NameClaimType = ClaimTypes.Name,
        RoleClaimType = ClaimTypes.Role,
    };

    // Scope is a collection of individual scopes: add each permission as its own entry
    // instead of one space-joined string.
    foreach (var scope in new[]
    {
        "openid", "profile", "User.ReadWrite", "User.ReadBasic.All", "Sites.ReadWrite.All",
        "Contacts.ReadWrite", "People.Read", "Notes.ReadWrite.All", "Tasks.ReadWrite",
        "Mail.ReadWrite", "Files.ReadWrite.All", "Calendars.ReadWrite"
    })
    {
        options.Scope.Add(scope);
    }

    options.Events = new OpenIdConnectEvents
    {
        OnTicketReceived = context =>
        {
            return Task.CompletedTask;
        },
        OnAuthenticationFailed = context =>
        {
            context.Response.Redirect("/Error");
            context.HandleResponse(); // Suppress the exception
            return Task.CompletedTask;
        },
    };
});

1 answer:

Answer 0: (score: 1)

The simplest answer is to follow "Get Started of ASPNET" and then change the logic to fit your requirements.

To do it yourself: install "Microsoft.Graph" with NuGet, then modify GraphScopes in the project's configuration file (appsettings.json for .NET Core):

{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "CallbackPath": "/signin-oidc",
    "BaseUrl": "https://localhost:44334",
    "ClientId": "your client id",
    "ClientSecret": "your secret", // This sample uses a password (secret) to authenticate. Production apps should use a certificate.
    "Scopes": "openid email profile offline_access",
    "GraphResourceId": "https://graph.microsoft.com/",
    "GraphScopes": "User.Read User.ReadBasic.All Mail.Send"
  }
}

Modify the ConfigureServices code as follows:

services.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
// AddAzureAd (lowercase "d") is the extension method from the Microsoft Graph ASP.NET Core
// sample referenced above, not AddAzureAD from Microsoft.AspNetCore.Authentication.AzureAD.UI.
.AddAzureAd(options => Configuration.Bind("AzureAd", options))
.AddCookie();
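An added example, not code from the question, the answer or the Microsoft sample, that builds on the appsettings.json above: it reads GraphScopes and registers each scope separately, replaces the question's ValidateIssuer = false with a tenant allow-list for multi-tenant (B2B) sign-in, and wraps a Graph access token in a GraphServiceClient from the Microsoft.Graph package. It assumes the OpenIdConnectDefaults scheme used in the answer and an added "AzureAd:AllowedTenantIds" configuration key (space-separated tenant IDs); how the access token is acquired is left to the app's own token flow.

```csharp
using System;
using System.Linq;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Graph;
using Microsoft.IdentityModel.Tokens;

public static class GraphAuthSetup
{
    // "AzureAd:GraphScopes" is the key from appsettings.json above; "AzureAd:AllowedTenantIds" is assumed.
    public static void ConfigureOidc(IServiceCollection services, IConfiguration configuration)
    {
        var separator = new[] { ' ' };
        var graphScopes = (configuration["AzureAd:GraphScopes"] ?? "")
            .Split(separator, StringSplitOptions.RemoveEmptyEntries);
        var allowedTenants = (configuration["AzureAd:AllowedTenantIds"] ?? "")
            .Split(separator, StringSplitOptions.RemoveEmptyEntries);

        services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            // One Scope entry per Graph permission rather than a single space-joined string.
            foreach (var scope in graphScopes)
                options.Scope.Add(scope);

            // B2B sign-in: ValidateIssuer = false would accept an ID token from any Azure AD tenant,
            // so keep validation on and accept only issuers whose tenant ID is on the allow-list.
            options.TokenValidationParameters.ValidateIssuer = true;
            options.TokenValidationParameters.IssuerValidator = (issuer, token, parameters) =>
            {
                // v1 issuer: https://sts.windows.net/{tenantId}/  v2 issuer: https://login.microsoftonline.com/{tenantId}/v2.0
                var parts = issuer.TrimEnd('/').Split('/');
                var tenantId = parts[parts.Length - 1] == "v2.0" ? parts[parts.Length - 2] : parts[parts.Length - 1];
                if (allowedTenants.Contains(tenantId, StringComparer.OrdinalIgnoreCase))
                    return issuer;
                throw new SecurityTokenInvalidIssuerException($"Tenant {tenantId} is not allowed") { InvalidIssuer = issuer };
            };
        });
    }

    // Wraps an access token for Microsoft Graph (acquired by the app's own token flow) in a GraphServiceClient.
    public static GraphServiceClient CreateGraphClient(string accessToken)
    {
        return new GraphServiceClient(new DelegateAuthenticationProvider(request =>
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            return Task.CompletedTask;
        }));
    }
}
```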