使用C＃刷新MS Graph的身份验证令牌

debugcn 发表于 Dev

法鲁克·诺拉莫多夫（Farrukh Normuradov）

如何使用Microsoft Graph .NET客户端库或其他使用C＃刷新Microsoft Graph的身份验证令牌？

我目前正在做的是将令牌保留在静态类中：

public class TokenKeeper
{
    public static string token = null;
    public static string AcquireToken()
    {
        if (token == null || token.IsEmpty())
        {
            throw new Exception("Authorization Required.");
        }
        return token;
    }
    public static void Clear()
    {
        token = null;
    }
}

我在启动类中填写令牌：

public partial class Startup
{
    private static string AppKey = CloudConfigurationManager.GetSetting("ida:Password");
    private static string aadInstance = CloudConfigurationManager.GetSetting("ida:AADInstance");
    private static string TenantName = CloudConfigurationManager.GetSetting("ida:Tenant");
    private static string Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, TenantName);
    private static string graphResourceId = CloudConfigurationManager.GetSetting("ida:GraphUrl");
    private BpContext db = new BpContext();

    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        string ClientId = CloudConfigurationManager.GetSetting("ida:ClientID");
        string Authority = "https://login.microsoftonline.com/common/";

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                ClientId = ClientId,
                Authority = Authority,
                Scope = "User.ReadBasic.All",
                //Details omitted
                    AuthorizationCodeReceived = (context) =>
                    {
                        var code = context.Code;
                        // Create a Client Credential Using an Application Key
                        ClientCredential credential = new ClientCredential(ClientId, AppKey);
                        string userObjectID = context.AuthenticationTicket.Identity.FindFirst(
                            "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                        AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectID));
                        AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode(
                            code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId);                    
                        TokenKeeper.token = result.AccessToken;

                        return Task.FromResult(0);
                    }
                     //Details omitted
                }
            });
    }
}

我还会在“退出”上清除令牌。

斯里拉姆·达纳塞斯卡兰（Sriram Dhanasekaran）

AuthenticationResult对象包含访问令牌和刷新令牌。因此，刷新令牌也可以类似于访问令牌一样保留在TokenKeeper中。当访问令牌过期时（由AuthenticationResult.ExpiresOn指示），将刷新令牌与AuthenticationContext.AcquireTokenByRefreshToken方法一起使用以获取新的访问令牌。

如果您不想显式跟踪刷新令牌，请参考ADAL缓存以了解ADAL库如何为您完成此任务。

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。