ASP.NET Web API 登录 Azure AD 并调用 Azure AD Graph API
2017-08-27 21:51
1. 需要安装的包:
Microsoft.Azure.ActiveDirectory.GraphClient
Microsoft.IdentityModel.Clients.ActiveDirectory
C# 实例包含:
1. 使用用户名密码登录获取accesstoken和idtoken
2. 使用idtoken获取idtoken和accesstoken
3. 调用graphapi获得更多信息
完整示例: https://github.com/iorilan/WebApiAzureADSample
Microsoft.Azure.ActiveDirectory.GraphClient
Microsoft.IdentityModel.Clients.ActiveDirectory
C# 实例包含:
1. 使用用户名密码登录获取accesstoken和idtoken
2. 使用idtoken获取idtoken和accesstoken
3. 调用graphapi获得更多信息
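/// <summary>
/// Endpoints and identifiers that are the same for every Azure AD tenant.
/// </summary>
internal class AzureADGlobalConstants
{
    /// <summary>Base URL of the Azure AD authority; the tenant name is appended to it.</summary>
    public const string AuthString = "https://login.microsoftonline.com/";

    /// <summary>Resource identifier of the Azure AD Graph API that tokens are requested for.</summary>
    public const string ResourceUrl = "https://graph.windows.net";

    /// <summary>Not referenced by the code shown here.</summary>
    public const string GraphServiceObjectId = "00000002-0000-0000-c000-000000000000";
}

/// <summary>
/// Web API controller that signs a user in against Azure AD (either with an
/// ID token or with a username/password pair) and then looks the user up
/// through the Azure AD Graph client.
/// </summary>
/// <remarks>
/// NOTE(review): the two libraries used here (ADAL,
/// Microsoft.IdentityModel.Clients.ActiveDirectory, and the Azure AD Graph
/// client) have since been deprecated by Microsoft in favour of MSAL and
/// Microsoft Graph; treat this controller as a legacy sample.
/// </remarks>
public class CertisAdLoginController : ApiController
{
    /// <summary>
    /// Single message returned for every failed login. Exception text is
    /// written to the server-side trace instead of being echoed to an
    /// unauthenticated caller.
    /// </summary>
    private const string LoginFailedMessage = "Login failed.";

    /// <summary>Response body returned by both login actions.</summary>
    public class LoginResult
    {
        public bool IsSuccess { get; set; }

        public string ErrorMessage { get; set; }

        /// <summary>
        /// On success this holds the object returned by AcquireTokenAsync.
        /// NOTE(security): that object carries the access token, so the
        /// response presumably serializes bearer credentials to the caller;
        /// serve this endpoint over TLS only and keep responses out of logs.
        /// </summary>
        public object Data { get; set; }

        public IUser UserDetail { get; set; }
    }

    /// <summary>
    /// Per-application settings. The values below are placeholders.
    /// </summary>
    internal class AzureADAppConstants
    {
        /// <summary>
        /// The application id ,you can login to azure portal ->
        /// Azure Active Directory ->
        /// Registered Apps -> click the app
        /// </summary>
        public const string ClientId = "your_app_id";

        /// <summary>
        /// Login to your azure portal ->
        /// Azure Active Directory ->
        /// Registered Apps -> click the app
        /// keys -> add new
        ///
        /// NOTE(security): a const string is compiled into the assembly and
        /// ends up in source control. Do not paste a real key here; load it
        /// from protected configuration or a secret store at runtime. The
        /// login code in this file never reads this value.
        /// </summary>
        public const string ClientSecret = "your_app_key";

        /// <summary>
        /// The tenant domain. It is appended to the authority URL and used
        /// to construct the login user name:
        /// e.g. someone@xxx.onmicrosoft.com
        /// The value must therefore be the bare domain (no '@'), because
        /// Login(username, password) joins "username@TenantName" itself.
        /// </summary>
        public const string TenantName = "yourdomain.onmicrosoft.com";

        /// <summary>
        /// you can get this value from below steps :
        /// Login to your azure portal ->
        /// Azure Active Directory ->
        /// Properties -> DirectoryId
        /// </summary>
        public const string TenantId = "your_tenant_id";
    }

    /// <summary>
    /// Login with idToken: exchanges the supplied token for an Azure AD Graph
    /// access token and returns the token result plus the user's directory entry.
    /// </summary>
    /// <remarks>
    /// The token is handed to Azure AD as-is; this method does no local
    /// validation of its signature, issuer, audience or expiry.
    /// NOTE(security): Web API binds simple-type parameters such as string
    /// from the request URI by default, so the token travels in the query
    /// string, where proxies and server logs can record it. Prefer a request
    /// model bound from the body.
    /// </remarks>
    /// <param name="idToken">ID token previously issued to the user.</param>
    /// <returns>
    /// Always HTTP 200 with a <see cref="LoginResult"/>; check IsSuccess.
    /// </returns>
    [HttpPost]
    public IHttpActionResult Login(string idToken)
    {
        if (string.IsNullOrWhiteSpace(idToken))
        {
            return Ok(new LoginResult { IsSuccess = false, ErrorMessage = LoginFailedMessage });
        }

        try
        {
            var credentials = new UserAssertion(idToken);
            var authenticationContext = CreateAuthenticationContext();

            // NOTE(review): blocking on .Result ties up a request thread and
            // wraps failures in AggregateException; an async action returning
            // Task<IHttpActionResult> would be preferable.
            var result = authenticationContext
                .AcquireTokenAsync(AzureADGlobalConstants.ResourceUrl, AzureADAppConstants.ClientId, credentials)
                .Result;

            return Ok(BuildSuccessResult(result));
        }
        catch (Exception ex)
        {
            return Ok(BuildFailureResult(ex));
        }
    }

    /// <summary>
    /// Login with username/password: sends the credentials to Azure AD and
    /// returns the token result plus the user's directory entry.
    /// </summary>
    /// <remarks>
    /// NOTE(security): this is the resource-owner password flow. The API sees
    /// the user's clear-text password, and accounts that require MFA or other
    /// interactive steps cannot sign in this way. Prefer an interactive or
    /// authorization-code flow where possible.
    /// NOTE(security): Web API binds simple-type parameters such as string
    /// from the request URI by default, so the password travels in the query
    /// string, where proxies and server logs can record it. Prefer a request
    /// model bound from the body, and add throttling or lockout in front of
    /// this action.
    /// </remarks>
    /// <param name="username">Local part of the user name; "@TenantName" is appended.</param>
    /// <param name="password">The user's password.</param>
    /// <returns>
    /// Always HTTP 200 with a <see cref="LoginResult"/>; check IsSuccess.
    /// </returns>
    [HttpPost]
    public IHttpActionResult Login(string username, string password)
    {
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
        {
            return Ok(new LoginResult { IsSuccess = false, ErrorMessage = LoginFailedMessage });
        }

        try
        {
            var credentials = new UserPasswordCredential(
                string.Format("{0}@{1}", username, AzureADAppConstants.TenantName),
                password);
            var authenticationContext = CreateAuthenticationContext();

            // NOTE(review): see the blocking-call remark on Login(string idToken).
            var result = authenticationContext
                .AcquireTokenAsync(AzureADGlobalConstants.ResourceUrl, AzureADAppConstants.ClientId, credentials)
                .Result;

            return Ok(BuildSuccessResult(result));
        }
        catch (Exception ex)
        {
            return Ok(BuildFailureResult(ex));
        }
    }

    /// <summary>Creates the ADAL context for the configured tenant authority.</summary>
    private static AuthenticationContext CreateAuthenticationContext()
    {
        return new AuthenticationContext(AzureADGlobalConstants.AuthString + AzureADAppConstants.TenantName);
    }

    /// <summary>
    /// Builds the success payload: the token result plus the directory entry
    /// of the signed-in user (null when the lookup fails).
    /// </summary>
    private LoginResult BuildSuccessResult(AuthenticationResult authResult)
    {
        // The token is already available, so no thread-pool work item is
        // needed to wrap it in a Task.
        Task<string> accessToken = Task.FromResult(authResult.AccessToken);

        // get more details
        IUser userDetail = GetUserDetailById(accessToken, authResult.UserInfo.UniqueId);

        return new LoginResult
        {
            IsSuccess = true,
            Data = authResult,
            ErrorMessage = "",
            UserDetail = userDetail
        };
    }

    /// <summary>
    /// Builds the failure payload. The exception goes to the trace listeners;
    /// the caller only receives a generic message. Credentials and tokens are
    /// deliberately not written to the trace.
    /// </summary>
    private static LoginResult BuildFailureResult(Exception ex)
    {
        System.Diagnostics.Trace.TraceError("Azure AD login failed: {0}", ex);
        return new LoginResult { IsSuccess = false, ErrorMessage = LoginFailedMessage };
    }

    /// <summary>
    /// Looks up a user in the tenant directory by object id.
    /// </summary>
    /// <param name="accessToken">Task yielding the Graph access token used for the call.</param>
    /// <param name="userid">Object id of the user to fetch.</param>
    /// <returns>The matching user, or null when none is found or the query fails.</returns>
    private IUser GetUserDetailById(Task<string> accessToken, string userid)
    {
        Uri servicePointUri = new Uri(AzureADGlobalConstants.ResourceUrl);
        Uri serviceRoot = new Uri(servicePointUri, AzureADAppConstants.TenantId);
        ActiveDirectoryClient client = new ActiveDirectoryClient(serviceRoot, () => accessToken);

        try
        {
            IUserCollection userCollection = client.Users;

            // FirstOrDefault yields null for "no match" without relying on an
            // exception being thrown and swallowed.
            return userCollection
                .Where(user => user.ObjectId == userid)
                .Take(10)
                .ExecuteAsync()
                .Result
                .CurrentPage
                .FirstOrDefault();
        }
        catch (Exception ex)
        {
            // Best-effort lookup: login still succeeds without the details,
            // but the failure is recorded rather than silently dropped.
            System.Diagnostics.Trace.TraceWarning("Azure AD Graph user lookup failed: {0}", ex);
            return null;
        }
    }
}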
完整示例: https://github.com/iorilan/WebApiAzureADSample