在 C# 中使用 authProvider 和 MS SDK 进行图形调用

时间:2023-02-27
本文介绍了在 C# 中使用 authProvider 和 MS SDK 进行图形调用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我正在尝试创建一个 C# 控制台应用程序以连接到图形 API 并从租户的 AzureAD 获取用户列表.我已经注册了应用程序,管理员给了我以下信息

I'm trying create a C# console application to connect to graph API and get a list of users from AzureAD from a tenant. I have registered the app and the admin has given me the following

  • 租户名称和租户 ID
  • 客户端 ID(有时也称为应用 ID)
  • 客户端密码

使用 sdk,我需要使用的 C# 代码如下所示(https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=cs):

Using the sdk the C# code I need to use looks like this (https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=cs):

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var users = await graphClient.Users
    .Request()
    .GetAsync();

但是,控制台应用程序将作为批处理运行,因此根本不会有用户交互.因此,为了提供 authProvider,我在 MS 文档网站上关注了这篇文章:https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS

However, the console application will run as a batch process so there will be no user interaction at all. So in order to provide the authProvider I followed this article on MS docs site: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS

我认为出于我的目的,我需要使用客户端凭据 OAuth 流程".该 URL 上显示的代码.但这里也是.

And I think for my purpose I need to go for the "Client Credential OAuth flow". The code which is shown on that URL. But here it is too.

IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential);
ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);

问题在于 Visual Studio 无法识别 ClientCredentialProvider 类.我不确定要导入哪个程序集.我在顶部使用了以下用法.

The trouble is that Visual Studio does not recognise ClientCredentialProvider class. I'm not sure which assembly to import. I'm using the following usings in the top.

using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Clients;
using Microsoft.IdentityModel;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

我对 GitHub 存储库不是很有经验,我正在使用 Visual Studio 2015.我会对示例代码感兴趣;我看过但找不到.MS有一些讲座,但他们使用另一种类型的身份验证提供程序,它以交互方式进行身份验证,这不是我想要的.我想使用 TenantId/ClientId 和 Client Secret 获取令牌.

I'm not very experienced with GitHub repos and I'm using Visual Studio 2015. I would be interested in sample code; I have looked but cannot find any. MS have some lectures but they use another type of auth Provider which is authenticating interactively which is not what I'm looking for. I want obtain the token using the TenantId/ClientId and Client Secret.

推荐答案

ClientCredentialProvider 是 Microsoft.Graph.Auth 包的一部分.您可以在 https://github.com/microsoftgraph/msgraph-sdk 阅读有关此软件包的更多信息-dotnet-auth

ClientCredentialProvider is part of the Microsoft.Graph.Auth package. You can read more about this package at https://github.com/microsoftgraph/msgraph-sdk-dotnet-auth

请注意,此软件包目前(截至 2019 年 5 月 15 日)处于预览状态,因此您可能需要等待,然后再在生产应用程序中使用它.

Note that this package is currently (as of 2019-05-15) in preview, so you may want to wait before using this in a production application.

或者,以下示例使用 Microsoft Authentication Library for .NET(MSAL) 直接使用纯应用身份验证设置 Microsoft Graph SDK:

Alternatively, the following example uses the Microsoft Authentication Library for .NET (MSAL) directly to set up the Microsoft Graph SDK using app-only authentication:

// The Azure AD tenant ID or a verified domain (e.g. contoso.onmicrosoft.com) 
var tenantId = "{tenant-id-or-domain-name}";

// The client ID of the app registered in Azure AD
var clientId = "{client-id}";

// *Never* include client secrets in source code!
var clientSecret = await GetClientSecretFromKeyVault(); // Or some other secure place.

// The app registration should be configured to require access to permissions
// sufficient for the Microsoft Graph API calls the app will be making, and
// those permissions should be granted by a tenant administrator.
var scopes = new string[] { "https://graph.microsoft.com/.default" };

// Configure the MSAL client as a confidential client
var confidentialClient = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithAuthority($"https://login.microsoftonline.com/$tenantId/v2.0")
    .WithClientSecret(clientSecret)
    .Build();

// Build the Microsoft Graph client. As the authentication provider, set an async lambda
// which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
// and inserts this access token in the Authorization header of each API request. 
GraphServiceClient graphServiceClient =
    new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {

            // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
            var authResult = await confidentialClient
                .AcquireTokenForClient(scopes)
                .ExecuteAsync();

            // Add the access token in the Authorization header of the API request.
            requestMessage.Headers.Authorization = 
                new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        })
    );

// Make a Microsoft Graph API query
var users = await graphServiceClient.Users.Request().GetAsync();

(请注意,此示例使用最新版本的 Microsoft.Identity.Client 包.早期版本(版本 3 之前)不包括 ConfidentialClientApplicationBuilder.)

(Note that this example uses the latest version of the Microsoft.Identity.Client package. Earlier versions (before version 3) did not include ConfidentialClientApplicationBuilder.)

这篇关于在 C# 中使用 authProvider 和 MS SDK 进行图形调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

上一篇:升级到 5.0.0 后,TokenValidationParameters 不再工作 下一篇:无法从桌面控制台应用访问 Azure Key Vault

相关文章

最新文章