将authProvider与MS SDK一起用于C#中的图形调用

本文介绍了将authProvider与MS SDK一起用于C#中的图形调用的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试创建一个C#控制台应用程序以连接到图形API并从一个租户处从AzureAD获取用户列表.我已经注册了该应用，管理员已给我以下内容

I'm trying create a C# console application to connect to graph API and get a list of users from AzureAD from a tenant. I have registered the app and the admin has given me the following

租户名称和租户ID
客户端ID(有时也称为应用ID)
客户机密

使用SDK我需要使用的C#代码如下所示("> https://docs.microsoft.com/zh-CN/graph/api/user-list?view=graph-rest-1.0&tabs=cs ):

Using the sdk the C# code I need to use looks like this (https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=cs):

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var users = await graphClient.Users
    .Request()
    .GetAsync();

但是，控制台应用程序将作为批处理进程运行，因此根本没有用户交互.因此，为了提供authProvider，我在MS docs网站上关注了这篇文章: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS

However, the console application will run as a batch process so there will be no user interaction at all. So in order to provide the authProvider I followed this article on MS docs site: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS

我认为出于我的目的，我需要参加客户端凭据OAuth流程".该URL上显示的代码.但是这里也是.

And I think for my purpose I need to go for the "Client Credential OAuth flow". The code which is shown on that URL. But here it is too.

IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential);
ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);

问题在于Visual Studio无法识别ClientCredentialProvider类.我不确定要导入哪个程序集.我在顶部使用以下用法.

The trouble is that Visual Studio does not recognise ClientCredentialProvider class. I'm not sure which assembly to import. I'm using the following usings in the top.

using Microsoft.Identity.Client;
using Microsoft.IdentityModel.Clients;
using Microsoft.IdentityModel;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

我对GitHub存储库不是很有经验，并且我正在使用Visual Studio 2015.我看过但找不到. MS有一些讲座，但是他们使用另一种身份验证提供程序，它是交互式身份验证，这不是我想要的.我想使用TenantId/ClientId和Client Secret获取令牌.

I'm not very experienced with GitHub repos and I'm using Visual Studio 2015. I would be interested in sample code; I have looked but cannot find any. MS have some lectures but they use another type of auth Provider which is authenticating interactively which is not what I'm looking for. I want obtain the token using the TenantId/ClientId and Client Secret.

推荐答案

ClientCredentialProvider 是Microsoft.Graph.Auth程序包的一部分.您可以在 https://github.com/microsoftgraph/msgraph-sdk上了解有关此软件包的更多信息. -dotnet-auth

ClientCredentialProvider is part of the Microsoft.Graph.Auth package. You can read more about this package at https://github.com/microsoftgraph/msgraph-sdk-dotnet-auth

请注意，此软件包当前(截至2019年5月15日)处于预览状态，因此您可能需要等待，然后才能在生产应用程序中使用它.

Note that this package is currently (as of 2019-05-15) in preview, so you may want to wait before using this in a production application.

或者，下面的示例使用 .NET的Microsoft身份验证库 (MSAL)直接使用仅应用程序身份验证来设置Microsoft Graph SDK:

Alternatively, the following example uses the Microsoft Authentication Library for .NET (MSAL) directly to set up the Microsoft Graph SDK using app-only authentication:

// The Azure AD tenant ID or a verified domain (e.g. contoso.onmicrosoft.com)
var tenantId = "{tenant-id-or-domain-name}";

// The client ID of the app registered in Azure AD
var clientId = "{client-id}";

// *Never* include client secrets in source code!
var clientSecret = await GetClientSecretFromKeyVault(); // Or some other secure place.

// The app registration should be configured to require access to permissions
// sufficient for the Microsoft Graph API calls the app will be making, and
// those permissions should be granted by a tenant administrator.
var scopes = new string[] { "https://graph.microsoft.com/.default" };

// Configure the MSAL client as a confidential client
var confidentialClient = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithAuthority($"https://login.microsoftonline.com/$tenantId/v2.0")
    .WithClientSecret(clientSecret)
    .Build();

// Build the Microsoft Graph client. As the authentication provider, set an async lambda
// which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
// and inserts this access token in the Authorization header of each API request.
GraphServiceClient graphServiceClient =
    new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {

            // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
            var authResult = await confidentialClient
                .AcquireTokenForClient(scopes)
                .ExecuteAsync();

            // Add the access token in the Authorization header of the API request.
            requestMessage.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        })
    );

// Make a Microsoft Graph API query
var users = await graphServiceClient.Users.Request().GetAsync();

(请注意，此示例使用Microsoft.Identity.Client程序包的最新版本.早期版本(版本3之前)未包含 ConfidentialClientApplicationBuilder .)

(Note that this example uses the latest version of the Microsoft.Identity.Client package. Earlier versions (before version 3) did not include ConfidentialClientApplicationBuilder.)

这篇关于将authProvider与MS SDK一起用于C#中的图形调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！