c# - Microsoft Graph 的 SSO 对 UWP 的 Sharepoint Online 调用返回无令牌
问题描述
所以我一直在为这个 UWP App 工作。我在我的开发者网站上运行了一个测试程序并让它完美运行。我重新创建了 UWP 应用程序以在我公司的平台上访问它,但我遇到了障碍。当我尝试提交数据时,我收到 MsalUIRequiredException 错误。
{Microsoft.Identity.Client.MsalUiRequiredException: Null user was passed in AcquiretokenSilent API. Pass in a user object or call acquireToken authenticate.
at Microsoft.Identity.Client.Internal.Requests.SilentRequest..ctor(AuthenticationRequestParameters authenticationRequestParameters, Boolean forceRefresh)
at Microsoft.Identity.Client.ClientApplicationBase.<AcquireTokenSilentCommonAsync>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ClientApplicationBase.<AcquireTokenSilentAsync>d__31.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at AshburnGeneratorApp.Authentication.<AquireTokenAsync>d__0.MoveNext()
ErrorCode: user_null
StatusCode: 0
Claims: }
我可以看到它告诉我使用特定于租户的端点或/组织,我认为我是。所以这就是我感到困惑的地方。
{Microsoft.Identity.Client.MsalServiceException: AADSTS90130: Application '87f68831-d1ea-493c-8b94-e61fcd1c4a08' (AshburnGeneratorApp) is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint.
Trace ID: 888ba8ca-400f-43f9-8267-290c8e748100
Correlation ID: 121ef843-ef32-4126-aea8-0e17322df657
Timestamp: 2018-08-21 11:06:35Z
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.VerifyAuthorizationResult()
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<PreTokenRequestAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__33.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.PublicClientApplication.<AcquireTokenForLoginHintCommonAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.PublicClientApplication.<AcquireTokenAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at AshburnGeneratorApp.Authentication.<AquireTokenAsync>d__0.MoveNext()
ErrorCode: invalid_request
StatusCode: 0
Claims: }
PUT 将
https://graph.microsoft.com/v1.0/sites/companyname.sharepoint.com,495435b4-60c3-49b7-8f6e-1d262a120ae5,0fad9f67-35a8-4c0b-892e-113084058c0a/lists/18a725ac-83ef-48fb-a5cb-950ca2378fd0/items
其中“公司名称”是我的实际公司名称。
如果我在 Graph Explorer 上运行 GET,则链接效果很好。所以我知道我在某处遗漏了一些简单的东西。
以下代码启动身份验证:
private async void SubmitButton_Click(object sender, RoutedEventArgs e)
{
var (authResult, message) = await Authentication.AquireTokenAsync();
ResultText.Text = message;
if (authResult != null)
{
await SubmitDataWithTokenAsync(submiturl, authResult.AccessToken);
}
}
这将调用此代码:
public static async Task<(AuthenticationResult authResult, string message)> AquireTokenAsync()
{
AuthenticationResult authResult = null;
string message = String.Empty;
string[] scopes = App.scopes;
try
{
authResult = await App.PublicClientApp.AcquireTokenSilentAsync(scopes, App.PublicClientApp.Users.FirstOrDefault());
}
catch (MsalUiRequiredException ex)
{
// A MsalUiRequiredException happened on AcquireTokenSilentAsync. This indicates you need to call AcquireTokenAsync to acquire a token
System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
try
{
authResult = await App.PublicClientApp.AcquireTokenAsync(scopes);
}
catch (MsalException msalex)
{
message = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
}
}
catch (Exception ex)
{
message = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
}
return (authResult, message);
}
范围集
public static string[] scopes = new string[] { "user.ReadWrite", "Sites.ReadWrite.All" };
最后一点代码
private static string ClientId = "87f68831-d1ea-493c-8b94-e61fcd1c4a08";
public static PublicClientApplication PublicClientApp { get; } = new PublicClientApplication(ClientId);
解决方案
我知道这很简单。我还没有为 v2.0 注册该应用程序。一旦我这样做了,一切都很好。
推荐阅读
- python - 无法构建模型作为后端。挤压没有层
- python - 如何提取抓取图像的文件修改时间?
- android - W/OpenGLRenderer:无法选择带有 EGL_SWAP_BEHAVIOR_PRESERVED 的配置,重试时没有
- laravel - 登录laravel后如何运行功能
- javascript - Javascript将字符串转换为数字
- r - 使用 R 对不同时隙中的时间进行分类
- php - 如何通过在 laravel 5.6 中级联在下拉列表中显示?
- android - Facebook 开发者预览版的 APK 架构
- performance - Julia 1.0 中的慢(重复)矩阵乘法
- c# - C#程序更改鼠标灵敏度