Problem description
We are using Azure AD to authenticate and get a refreshed access token every 30 mins. We invoke the below method, which acquires the security token and adds it to the request header.
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectId));
var credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientId"],
    ConfigurationManager.AppSettings["ida:ClientSecret"]);
// Declared outside the try block so that the catch block can read it
var httpCookie = HttpContext.Current.Response.Cookies["RefreshToken"];
try
{
    var authenticationResult = authContext.AcquireTokenSilent(ConfigurationManager.AppSettings["WebAPIBaseAddress"], credential, new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
    //set cookie for azure oauth refresh token - on successful login
    if (httpCookie != null)
        httpCookie.Value = authenticationResult.RefreshToken;
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authenticationResult.AccessToken);
}
catch
{
    //Get access token using Refresh Token
    var authenticationResult = authContext.AcquireTokenByRefreshToken(httpCookie.Value, credential, ConfigurationManager.AppSettings["WebAPIBaseAddress"]);
}
In the above method, we have used the AcquireTokenSilent method, which gives us the access token. Since the access token lasts only for a certain period of time, after its expiry we call AcquireTokenByRefreshToken to get the refresh token.
The above code works well; however, we are getting the below exception randomly:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException: Failed to acquire token silently. Call method AcquireToken
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenSilentHandler.SendTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<RunAsync>d__0.MoveNext()
ErrorCode: failed_to_acquire_token_silently
What could be the reason for such inconsistent behaviour? The same code is working on a few environments (Stage/Dev), but it's throwing errors randomly on Production.
Please advise.
Recommended answer
We were able to resolve this. It seems to be a small mistake in the code itself. When the AccessToken expires, it throws an exception and it tries to fetch a new one using AcquireTokenByRefreshToken in the catch block. Here we were not setting the newly received refresh token back in the Cookie. We need to add the below statement in the catch block also, so that it would get the Refresh token, which can then be passed back to generate a new Access Token.
httpCookie.Value = authenticationResult.RefreshToken;