c# - Microsoft Graph 的 SSO 对 UWP 的 Sharepoint Online 调用返回无令牌

问题描述

所以我一直在为这个 UWP App 工作。我在我的开发者网站上运行了一个测试程序并让它完美运行。我重新创建了 UWP 应用程序以在我公司的平台上访问它，但我遇到了障碍。当我尝试提交数据时，我收到 MsalUIRequiredException 错误。

{Microsoft.Identity.Client.MsalUiRequiredException: Null user was passed in AcquiretokenSilent API. Pass in a user object or call acquireToken authenticate.
   at Microsoft.Identity.Client.Internal.Requests.SilentRequest..ctor(AuthenticationRequestParameters authenticationRequestParameters, Boolean forceRefresh)
   at Microsoft.Identity.Client.ClientApplicationBase.<AcquireTokenSilentCommonAsync>d__34.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.ClientApplicationBase.<AcquireTokenSilentAsync>d__31.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at AshburnGeneratorApp.Authentication.<AquireTokenAsync>d__0.MoveNext()
    ErrorCode: user_null
    StatusCode: 0
    Claims: }

我可以看到它告诉我使用特定于租户的端点或/组织，我认为我是。所以这就是我感到困惑的地方。

{Microsoft.Identity.Client.MsalServiceException: AADSTS90130: Application '87f68831-d1ea-493c-8b94-e61fcd1c4a08' (AshburnGeneratorApp) is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint.
Trace ID: 888ba8ca-400f-43f9-8267-290c8e748100
Correlation ID: 121ef843-ef32-4126-aea8-0e17322df657
Timestamp: 2018-08-21 11:06:35Z
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.VerifyAuthorizationResult()
   at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.<PreTokenRequestAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__33.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.PublicClientApplication.<AcquireTokenForLoginHintCommonAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Identity.Client.PublicClientApplication.<AcquireTokenAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at AshburnGeneratorApp.Authentication.<AquireTokenAsync>d__0.MoveNext()
    ErrorCode: invalid_request
    StatusCode: 0
    Claims: }

PUT 将

https://graph.microsoft.com/v1.0/sites/companyname.sharepoint.com,495435b4-60c3-49b7-8f6e-1d262a120ae5,0fad9f67-35a8-4c0b-892e-113084058c0a/lists/18a725ac-83ef-48fb-a5cb-950ca2378fd0/items

其中“公司名称”是我的实际公司名称。

如果我在 Graph Explorer 上运行 GET，则链接效果很好。所以我知道我在某处遗漏了一些简单的东西。

以下代码启动身份验证：

private async void SubmitButton_Click(object sender, RoutedEventArgs e)
        {
            var (authResult, message) = await Authentication.AquireTokenAsync();
            ResultText.Text = message;

            if (authResult != null)
            {
                await SubmitDataWithTokenAsync(submiturl, authResult.AccessToken);
            }
        }

这将调用此代码：

public static async Task<(AuthenticationResult authResult, string message)> AquireTokenAsync()
        {
            AuthenticationResult authResult = null;
            string message = String.Empty;
            string[] scopes = App.scopes;

            try
            {
                authResult = await App.PublicClientApp.AcquireTokenSilentAsync(scopes, App.PublicClientApp.Users.FirstOrDefault());
            }
            catch (MsalUiRequiredException ex)
            {
                // A MsalUiRequiredException happened on AcquireTokenSilentAsync. This indicates you need to call AcquireTokenAsync to acquire a token
                System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");

                try
                {
                    authResult = await App.PublicClientApp.AcquireTokenAsync(scopes);
                }
                catch (MsalException msalex)
                {
                    message = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
                }
            }
            catch (Exception ex)
            {
                message = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
            }
            return (authResult, message);
        }

范围集

public static string[] scopes = new string[] { "user.ReadWrite", "Sites.ReadWrite.All" };

最后一点代码

private static string ClientId = "87f68831-d1ea-493c-8b94-e61fcd1c4a08";

public static PublicClientApplication PublicClientApp { get; } = new PublicClientApplication(ClientId);

标签： c#uwpsingle-sign-onmicrosoft-graph-api