Restsharp 对 microsoft graph 的请求未经授权返回

问题描述 投票:0回答:1

我正在尝试使用 RestSharp 请求访问一些图形项目。我知道我需要以某种方式使用客户端 ID 和秘密来获取令牌并使用它进行授权,但这对所有这一切来说都是新的,并且不知道如何做到这一点。我正在使用 openIDConnect 对 Azure 进行初始授权,这是我的请求代码:

protected void btnRestSharp_Click(object sender, EventArgs e)
{
    ClaimsIdentity identity = this.User.Identity as ClaimsIdentity;
    string email = identity.Claims.FirstOrDefault(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")?.Value;

    var client = new RestSharp.RestClient("https://graph.microsoft.com");

    var request = new RestSharp.RestRequest($"/v1.0/users/" + email + "?$select=jobTitle,employeeId,officeLocation,department", RestSharp.Method.Get);
    var callbackResult = client.Execute(request);

    if (callbackResult.StatusCode == HttpStatusCode.OK)
    {
        lblRestSharp.Text = "OK";
    }
    else
    {
        lblRestSharp.Text = "status code:  " + callbackResult.StatusCode.ToString();
    }
}

以上是我第一次也是唯一一次尝试访问实际生成响应代码的图表。

azure restsharp clientid
1个回答
0
投票

您需要首先从身份服务器的 OAuth 端点获取令牌。

您应该使用服务主体进行身份验证。如果您尚未创建,请按照此处的步骤操作:

https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal

完成后,您拥有tenantId、clientId和clientSecret,您可以进行身份验证并调用Graph API。确保您根据需要向服务主体分配了角色/权限。这里最主要的是,您将从身份验证服务器获取令牌并将其作为 Authorization 标头与未来的图形请求一起发送。这是使用 RestSharp 的示例。

using RestSharp;
using System;

class Program
{
    static void Main()
    {
        // Azure AD details
        string tenantId = "YOUR_TENANT_ID";
        string clientId = "YOUR_CLIENT_ID";
        string clientSecret = "YOUR_CLIENT_SECRET";
        string tokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";

        // Authenticate and get access token
        var client = new RestClient(tokenEndpoint);
        var request = new RestRequest(Method.POST);
        request.AddParameter("scope", "https://graph.microsoft.com/.default");
        request.AddParameter("client_id", clientId);
        request.AddParameter("client_secret", clientSecret);
        request.AddParameter("grant_type", "client_credentials");

        var response = client.Execute(request);
        var tokenResponse = Newtonsoft.Json.JsonConvert.DeserializeObject<TokenResponse>(response.Content);
        string accessToken = tokenResponse.AccessToken;

        // Make API call to Azure Graph API
        var graphClient = new RestClient("https://graph.microsoft.com/v1.0/users");
        var graphRequest = new RestRequest(Method.GET);
        graphRequest.AddHeader("Authorization", $"Bearer {accessToken}");

        var graphResponse = graphClient.Execute(graphRequest);
        Console.WriteLine(graphResponse.Content);
    }
}

public class TokenResponse
{
    public string AccessToken { get; set; }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.