错误消息:InteractiveBrowserCredential 身份验证失败:基于浏览器的身份验证对话框无法完成。原因:下载失败(连接中断)
目标是通过使用交互式登录从 Azure AD 获取我自己的用户属性(电子邮件、UPN 等)?我不想使用证书或秘密。
以下代码一直运行良好,直到我几天前升级到 Windows 11 23H1。看起来令牌正在被缓存。但这只是一个无根据的猜测。
我应该补充一点,代码每隔第二次、第三次或第四次尝试就可以任意运行。有时,它会弹出登录屏幕;有时,事实并非如此。
这样做时,有时会降低用户属性,有时则不会。
如果登录屏幕不显示,它永远不会绘制用户属性。
static async Task getMyDetailsFromAzure(string tenantId, string clientId, string logToFile)
{
try
{
RegistryKey keyHKCU = Registry.CurrentUser.OpenSubKey(@"Software\AppName", true);
try
{
if (keyHKCU == null)
{
keyHKCU = Registry.CurrentUser.CreateSubKey(@"Software\AppName");
}
}
catch { }
if (keyHKCU != null)
{
string[] requiredAttribs = {
"BusinessPhones"
,"City"
,"CompanyName"
,"Country"
,"Department"
,"DisplayName"
,"EmployeeId"
,"FaxNumber"
,"GivenName"
,"JobTitle"
,"Mail"
,"MailNickname"
,"MobilePhone"
,"OfficeLocation"
,"PostalCode"
,"State"
,"StreetAddress"
,"Surname"
,"UserPrincipalName"};
var scopes = new[] { "User.Read" };
var options = new InteractiveBrowserCredentialOptions
{
TenantId = tenantId,
ClientId = clientId,
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
RedirectUri = new Uri("https://login.microsoftonline.com/common/oauth2/nativeclient"),
};
var interactiveCredential = new InteractiveBrowserCredential(options);
var graphClient = new GraphServiceClient(interactiveCredential, scopes);
try
{
var result = await graphClient.Me.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Select = requiredAttribs;
});
var propertyNames = result.GetType().GetProperties();
foreach (var property in propertyNames)
{
if (requiredAttribs.Contains(property.Name, StringComparer.OrdinalIgnoreCase))
{
if (property.Name.ToLower().Equals("businessphones"))
{
int counter = 1;
foreach (var phone in result.BusinessPhones)
{
if (phone != null)
try
{
keyHKCU.SetValue("az_" + property.Name.ToLower() + counter, phone);
counter = counter + 1;
}
catch { }
}
}
else
{
if (property.GetValue(result) != null)
try
{
keyHKCU.SetValue("az_" + property.Name.ToLower(), property.GetValue(result));
}
catch { }
}
}
}
}
catch (Exception ex)
{
cLogger.WriteToFileThreadSafe($"Error fetching user details from Azure AD (1) : {ex.Message}", logToFile);
}
}
else
{
cLogger.WriteToFileThreadSafe($"Could not create the registry path.", logToFile);
}
}
catch (Exception ex) { cLogger.WriteToFileThreadSafe($"Error fetching user details from Azure AD (2) : {ex.Message}", logToFile); }
}
我找到了解决我的问题的方法。我使用了“BrowserCustomizationOptions”类,并请求应用程序使用默认浏览器而不是EmbeddedWebView浏览器。
var options = new InteractiveBrowserCredentialOptions
{
TenantId = tenantId,
ClientId = clientId,
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
RedirectUri = new Uri("http://localhost:5453"),
BrowserCustomization = new BrowserCustomizationOptions {
ErrorMessage = "Authentication failed",
SuccessMessage = "Authentication succeeded",
UseEmbeddedWebView = false,
}
};