解密和实战 Microsoft Identity Platform https://identityplatform.xizhang.com
作者:陈希章 时间:2022年2月
React
Node.js
ASP.NET Core
Xamarin, WPF, Console
Azure function +Python,Power Automate
React,手机验证码登录和微信登录
Graph explorer & Postman
PowerShell
注意重定向地址
安装 Microsoft.Identity.Client 和 Microsoft.Graph
Microsoft.Identity.Client
Microsoft.Graph
创建 PublicClientApplication
using Microsoft.Graph; using Microsoft.Identity.Client; var scopes = new[] { "User.Read" }; var tenantId = "3a6831ab-6304-4c72-8d08-3afe544555dd"; var clientId = "87700721-9a44-4470-9099-d079aab1c3d6"; var pca = PublicClientApplicationBuilder .Create(clientId) .WithTenantId(tenantId) .WithRedirectUri("http://localhost") .Build();
authProvider
GraphServiceClient
最为推荐的方式 : pca.AcquireTokenInteractive
pca.AcquireTokenInteractive
var authProvider = new DelegateAuthenticationProvider(async (request) => { var result = await pca.AcquireTokenInteractive(scopes) .ExecuteAsync(); request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken); }); var graphClient = new GraphServiceClient(authProvider); var me = await graphClient.Me.Request().GetAsync(); Console.WriteLine(me.DisplayName);
自动读取当前Windows身份。限制较多:要求用域账号登录,并且跟AAD做了同步。
var authProvider = new DelegateAuthenticationProvider(async (request) => { var result = await pca.AcquireTokenByIntegratedWindowsAuth(scopes).ExecuteAsync(); request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken); }); var graphClient = new GraphServiceClient(authProvider); var me = await graphClient.Me.Request().GetAsync(); Console.WriteLine(me.DisplayName);
某些情况下好用,不需要弹出任何界面。
Console.WriteLine("请输入用户名"); var username = Console.ReadLine(); SecureString securePwd = new SecureString(); ConsoleKeyInfo key; Console.WriteLine("请输入密码"); do{ key = Console.ReadKey(true); securePwd.AppendChar(key.KeyChar); Console.Write("*"); } while (key.Key != ConsoleKey.Enter); var authProvider = new DelegateAuthenticationProvider(async (request) => { var result = await pca.AcquireTokenByUsernamePassword(scopes, username, securePwd).ExecuteAsync(); request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken); }); var graphClient = new GraphServiceClient(authProvider); var me = await graphClient.Me.Request().GetAsync(); Console.WriteLine(me.DisplayName);
var authProvider = new DelegateAuthenticationProvider(async (request) => { var result = await pca.AcquireTokenWithDeviceCode(scopes, r => { return Task.FromResult(0); }).ExecuteAsync(); request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", result.AccessToken); }); var graphClient = new GraphServiceClient(authProvider); var me = await graphClient.Me.Request().GetAsync(); Console.WriteLine(me.DisplayName);
Install-Module -Name MSAL.PS -Scope CurrentUser # MSAL.PS 不是官方库,但也是由微软员工编写的 $token = Get-MsalToken ` -ClientId 87700721-9a44-4470-9099-d079aab1c3d6 ` -TenantId 3a6831ab-6304-4c72-8d08-3afe544555dd ` -Scopes Mail.read # 这里会弹出对话框进行身份验证 # 有了 AccessToken 就可以做服务调用了,通过REST接口即可 curl -Uri "https://graph.microsoft.com/v1.0/me/messages" ` -Headers @{"Authorization"="Bearer $($token.AccessToken)"} ` -UseBasicParsing # 如果后续目的纯粹是为了访问MicrosoftGraph, 则可以安装下面的模块 Install-Module Microsoft.Graph -Scope CurrentUser # 详情参考 https://docs.microsoft.com/zh-cn/graph/powershell/get-started
你可以通过邮件 ares@xizhang.com 与我取得联系,也可以关注 code365xyz 这个微信公众号给我留言。
code365xyz
点击这里 或扫码可以访问配套视频教程。
陈希章 2022年2月 于上海