問題描述
我正在嘗試創建一個 C# 控制臺應用程序以連接到圖形 API 并從租戶的 AzureAD 獲取用戶列表.我已經注冊了應用程序,管理員給了我以下信息
I'm trying create a C# console application to connect to graph API and get a list of users from AzureAD from a tenant. I have registered the app and the admin has given me the following
- 租戶名稱和租戶 ID
- 客戶端 ID(有時也稱為應用 ID)
- 客戶端密碼
使用 sdk,我需要使用的 C# 代碼如下所示(https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=cs):
Using the sdk the C# code I need to use looks like this (https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=cs):
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var users = await graphClient.Users
.Request()
.GetAsync();
但是,控制臺應用程序將作為批處理運行,因此根本不會有用戶交互.因此,為了提供 authProvider,我在 MS 文檔網站上關注了這篇文章:https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS
However, the console application will run as a batch process so there will be no user interaction at all. So in order to provide the authProvider I followed this article on MS docs site: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS
我認為出于我的目的,我需要使用客戶端憑據 OAuth 流程".該 URL 上顯示的代碼.但這里也是.
And I think for my purpose I need to go for the "Client Credential OAuth flow". The code which is shown on that URL. But here it is too.
IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential);
ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);
問題在于 Visual Studio 無法識別 ClientCredentialProvider 類.我不確定要導入哪個程序集.我在頂部使用了以下用法.
The trouble is that Visual Studio does not recognise ClientCredentialProvider class. I'm not sure which assembly to import. I'm using the following usings in the top.
using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Clients;
using Microsoft.IdentityModel;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
我對 GitHub 存儲庫不是很有經驗,我正在使用 Visual Studio 2015.我會對示例代碼感興趣;我看過但找不到.MS有一些講座,但他們使用另一種類型的身份驗證提供程序,它以交互方式進行身份驗證,這不是我想要的.我想使用 TenantId/ClientId 和 Client Secret 獲取令牌.
I'm not very experienced with GitHub repos and I'm using Visual Studio 2015. I would be interested in sample code; I have looked but cannot find any. MS have some lectures but they use another type of auth Provider which is authenticating interactively which is not what I'm looking for. I want obtain the token using the TenantId/ClientId and Client Secret.
推薦答案
ClientCredentialProvider 是 Microsoft.Graph.Auth 包的一部分.您可以在 https://github.com/microsoftgraph/msgraph-sdk 閱讀有關此軟件包的更多信息-dotnet-auth
ClientCredentialProvider is part of the Microsoft.Graph.Auth package. You can read more about this package at https://github.com/microsoftgraph/msgraph-sdk-dotnet-auth
請注意,此軟件包目前(截至 2019 年 5 月 15 日)處于預覽狀態,因此您可能需要等待,然后再在生產應用程序中使用它.
Note that this package is currently (as of 2019-05-15) in preview, so you may want to wait before using this in a production application.
或者,以下示例使用 Microsoft Authentication Library for .NET(MSAL) 直接使用純應用身份驗證設置 Microsoft Graph SDK:
Alternatively, the following example uses the Microsoft Authentication Library for .NET (MSAL) directly to set up the Microsoft Graph SDK using app-only authentication:
// The Azure AD tenant ID or a verified domain (e.g. contoso.onmicrosoft.com)
var tenantId = "{tenant-id-or-domain-name}";
// The client ID of the app registered in Azure AD
var clientId = "{client-id}";
// *Never* include client secrets in source code!
var clientSecret = await GetClientSecretFromKeyVault(); // Or some other secure place.
// The app registration should be configured to require access to permissions
// sufficient for the Microsoft Graph API calls the app will be making, and
// those permissions should be granted by a tenant administrator.
var scopes = new string[] { "https://graph.microsoft.com/.default" };
// Configure the MSAL client as a confidential client
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority($"https://login.microsoftonline.com/$tenantId/v2.0")
.WithClientSecret(clientSecret)
.Build();
// Build the Microsoft Graph client. As the authentication provider, set an async lambda
// which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
// and inserts this access token in the Authorization header of each API request.
GraphServiceClient graphServiceClient =
new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
})
);
// Make a Microsoft Graph API query
var users = await graphServiceClient.Users.Request().GetAsync();
(請注意,此示例使用最新版本的 Microsoft.Identity.Client 包.早期版本(版本 3 之前)不包括 ConfidentialClientApplicationBuilder.)
(Note that this example uses the latest version of the Microsoft.Identity.Client package. Earlier versions (before version 3) did not include ConfidentialClientApplicationBuilder.)
這篇關于在 C# 中使用 authProvider 和 MS SDK 進行圖形調用的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!