How to access domain users' calendar using service account in .net?

debugcn 에 게시 Dev

Carol

I am using service account with key.p12 cert to access google calendar API. However, it cannot access any user's calendar in the domain. I did follow the steps to Delegating domain-wide authority to the service account https://developers.google.com/accounts/docs/OAuth2ServiceAccount

It does not have code sample for .net. And it seems I only get ServiceAccountCredential in the google .net client library. Here is my code

    static void Main(string[] args)
    {
        string serviceAccountEmail = "[email protected]";
        var certificate = new X509Certificate2(@"clientPrivateKey.p12", "notasecret",  X509KeyStorageFlags.Exportable);

        Console.WriteLine("service account: {0}", serviceAccountEmail);

        ServiceAccountCredential credential = new ServiceAccountCredential(new
        ServiceAccountCredential.Initializer(serviceAccountEmail)
        {
            Scopes = new[] { CalendarService.Scope.Calendar }
        }.FromCertificate(certificate));

        BaseClientService.Initializer initializer = new  BaseClientService.Initializer();            

        initializer.HttpClientInitializer = credential;           
        initializer.ApplicationName = "Google Calendar Sample";
        CalendarService calservice = new CalendarService(initializer);

        // list all the calendars it can see
        try
        {
            var list = calservice.CalendarList.List().Execute();

            if (list.Items.Count > 0)
            {
                foreach(var item in list.Items)
                {
                    Console.WriteLine("Found calendar for account {0}", item.Id);
                }
            }
            else
            {
                Console.WriteLine("Calendar list for this service account is empty");
            }
        }
        catch(Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }

The calendar list is always empty. If I manually share my domain account calendar with this service account in the calendar setting, then this code returns my domain account calendar successfully.

Is there a way to make this service account access all the user's calendar in the domain?

Carol

Actually, the code should use service account to "impersonate" the domain users one by one, rather than trying to share calendars with service account.

    ServiceAccountCredential.Initializer(serviceAccountEmail)
    {
        Scopes = new[] { CalendarService.Scope.Calendar },
        User = "[email protected]" // impersonate domain user
    }.FromCertificate(certificate));

Also need follow the steps for Delegating domain-wide authority to the service account in google domain admin console, and add the right scope( for calendar, it is https://www.googleapis.com/auth/calendar )

이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.

침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제

에서 수정2021-06-1

몇 마디 만하겠습니다

0리뷰

로그인참여 후 검토

Related 관련 기사

기사