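LoginAsync with an access token and MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory

Time: 2018-10-21 00:52:53

Tags: azure-active-directory azure-web-sites azure-mobile-services

I get a "You do not have permission to view this directory or page." error when I try to use LoginAsync with an access token and MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory. This works for the equivalent with MobileServiceAuthenticationProvider.MicrosoftAccount. I'm not sure why this doesn't work. Is there some configuration I am missing?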

using Microsoft.WindowsAzure.MobileServices;
using Newtonsoft.Json.Linq;
using Windows.Security.Authentication.Web.Core;

// Look up the Azure AD account provider for the tenant.
var msaProvider = await WebAuthenticationCoreManager.FindAccountProviderAsync(
    "https://login.microsoft.com",
    "https://login.microsoftonline.com/3dd13bb9-5d0d-dd2e-9d1e-7a966131bf85");
string clientId = "6d15468d-9dbe-4270-8d06-a540dab3252f";

// Request a token with the User.Read scope for the Microsoft Graph resource.
WebTokenRequest request1 = new WebTokenRequest(msaProvider, "User.Read", clientId);
request1.Properties.Add("resource", "https://graph.microsoft.com");
WebTokenRequestResult result =
    await WebAuthenticationCoreManager.RequestTokenAsync(request1);
if (result.ResponseStatus == WebTokenRequestStatus.Success)
{
    var token = result.ResponseData[0].Token;

    // Pass the access token to the mobile backend (client-directed login).
    var token1 = new JObject
    {
        { "access_token", token }
    };
    var user = await App.mobileServiceClient.LoginAsync(
        MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, token1);
}

1 Answer:

Answer 0: (score: 0)

I was able to get this working with MSAL.NET using the code below. The key is the { resourceId + "/user_impersonation" } scope.

using System.Linq;
using Microsoft.Identity.Client;
using Microsoft.WindowsAzure.MobileServices;
using Newtonsoft.Json.Linq;

PublicClientApplication pca = new PublicClientApplication(clientId)
{
    RedirectUri = redirectUri
};

// Request the backend's own user_impersonation scope.
string[] scopes = { resourceId + "/user_impersonation" };
var users = await pca.GetAccountsAsync();
var user = users.FirstOrDefault();
AuthenticationResult msalar = await pca.AcquireTokenAsync(
    scopes, user, UIBehavior.ForceLogin, "domain_hint=test.net");

// Hand the access token to the mobile backend.
var payload = new JObject
{
    ["access_token"] = msalar.AccessToken
};
await mobileServiceClient.LoginAsync(
    MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);

Reference: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/660#issuecomment-433831737
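
The two snippets above differ in which resource the token is requested for: the question asks for https://graph.microsoft.com, the answer for resourceId + "/user_impersonation". The following is an added diagnostic, not code from the question or the answer, that reads the aud and scp claims of an access token before it is passed to LoginAsync. It assumes the token is a JWT and that expectedAudience is whatever value the backend's authentication is configured to accept; the resourceId value, the TokenAudienceCheck class and the sample tokens are constructed placeholders.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenAudienceCheck
{
    static string B64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string B64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns "ok", or the reason the token does not match what the backend expects.
    // Claims are read WITHOUT signature validation: a local diagnostic, never an auth decision.
    public static string Explain(string accessToken, string expectedAudience, string requiredScope)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3) return "not a JWT; claims cannot be inspected";
        try
        {
            using JsonDocument doc = JsonDocument.Parse(B64UrlDecode(parts[1]));
            JsonElement c = doc.RootElement;
            string aud = c.TryGetProperty("aud", out JsonElement a) ? a.ToString() : "";
            string scp = c.TryGetProperty("scp", out JsonElement s) ? s.ToString() : "";
            if (!string.Equals(aud.TrimEnd('/'), expectedAudience.TrimEnd('/'), StringComparison.OrdinalIgnoreCase))
                return $"aud is '{aud}', expected '{expectedAudience}'";
            if (!scp.Split(' ').Contains(requiredScope))
                return $"scp '{scp}' does not contain '{requiredScope}'";
            return "ok";
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException)
        {
            return "payload segment is not base64url-encoded JSON";
        }
    }

    static void Main()
    {
        const string resourceId = "https://contoso-mobile.example"; // placeholder, not from the page
        string Token(string aud, string scp) =>   // constructed, unsigned sample tokens
            B64UrlEncode("{\"typ\":\"JWT\"}") + "." +
            B64UrlEncode($"{{\"aud\":\"{aud}\",\"scp\":\"{scp}\"}}") + ".sig";
        Console.WriteLine(Explain(Token("https://graph.microsoft.com", "User.Read"), resourceId, "user_impersonation"));
        Console.WriteLine(Explain(Token(resourceId, "user_impersonation"), resourceId, "user_impersonation"));
    }
}
```

In the app, call Explain on result.ResponseData[0].Token or msalar.AccessToken in a debug build only, and avoid writing the token itself to logs.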