问题
This is my code to authenticate for using Microsoft Graph with Outlook:
public async Task AquireToken()
{
try
{
if (_AuthResult == null)
{
_AuthResult = await Program.PublicClientApp.AcquireTokenSilentAsync(
_scopes, Program.PublicClientApp.Users.FirstOrDefault());
}
}
catch (MsalUiRequiredException ex)
{
// A MsalUiRequiredException happened on AcquireTokenSilentAsync.
// This indicates you need to call AcquireTokenAsync to acquire a token.
System.Diagnostics.Debug.WriteLine($"MsalUiRequiredException: {ex.Message}");
try
{
_AuthResult = await Program.PublicClientApp.AcquireTokenAsync(_scopes);
}
catch (MsalException msalex)
{
_ResultsText = $"Error Acquiring Token:{System.Environment.NewLine}{msalex}";
}
}
catch (Exception ex)
{
_ResultsText = $"Error Acquiring Token Silently:{System.Environment.NewLine}{ex}";
}
if (_AuthResult != null)
{
_ResultsText = await GetHttpContentWithToken(_graphAPIEndpoint, _AuthResult.AccessToken);
}
}
It is based on the samples provided by Microsoft. In the console output it says:
Token Expires: 04/09/2017 14:18:06 +01:00
That code is displayed from:
$"Token Expires: {_AuthResult.ExpiresOn.ToLocalTime()}" + Environment.NewLine;
Thus, this implies that the token is valid for one hour. So if I run my utility again I am expecting it to use the same token until it needs to ask for a new one. But it doesn't. It always shows the prompt.
What step have I missed?
The Exception
As per the request in the comments, this is the details from the exception:
MsalUiRequiredException: Null user was passed in AcquiretokenSilent API. Pass in a user object or call acquireToken authenticate.
This might help
Microsoft Graph SDK - Login
I need to review the answer provided:
you need to implement a token cache and use AcquireTokenSilentAsync. https://docs.microsoft.com/en-us/outlook/rest/dotnet-tutorial has a web app example.
回答1:
I made use of the registry. Save the token when you get a successful log in then call the token back each time you need to make use of the GraphServiceClient. If the token has expired or an error appears you can recall the log in process and save the new token.
public static async Task<GraphServiceClient> GetAuthenticatedClientAsync()
{
GraphServiceClient graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
async (requestMessage) =>
{
string appID = ConfigurationManager.AppSettings["ida:AppId"];
PublicClientApplication PublicClientApp = new PublicClientApplication(appID);
string[] _scopes = new string[] { "Calendars.read", "Calendars.readwrite", "Mail.read", "User.read" };
AuthenticationResult authResult = null;
string keyName = @"Software\xxx\Security";
string valueName = "Status";
string token = "";
RegistryKey regKey = Registry.CurrentUser.OpenSubKey(keyName, false);
if (regKey != null)
{
token = (string)regKey.GetValue(valueName);
}
if (regKey == null || string.IsNullOrEmpty(token))
{
authResult = await PublicClientApp.AcquireTokenAsync(_scopes); //Opens Microsoft Login Screen
//code if key Not Exist
RegistryKey key;
key = Registry.CurrentUser.CreateSubKey(@"Software\xxx\Security");
key.OpenSubKey(@"Software\xxx\Security", true);
key.SetValue("Status", authResult.AccessToken);
key.SetValue("Expire", authResult.ExpiresOn.ToString());
key.Close();
// Append the access token to the request.
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token);
}
else
{
//code if key Exists
RegistryKey reg = Registry.CurrentUser.OpenSubKey(@"Software\xxx\Login", true);
// set value of "abc" to "efd"
token = (string)regKey.GetValue(valueName);
// Append the access token to the request.
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token);
}
}));
try
{
Microsoft.Graph.User me = await graphClient.Me.Request().GetAsync();
}
catch(Exception e)
{
if (e.ToString().Contains("Access token validation failure") || e.ToString().Contains("Access token has expired"))
{
string keyName = @"Software\xxx\Security";
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(keyName, true))
{
if (key != null)
{
key.DeleteValue("Status");
key.DeleteValue("Expire");
}
else
{
MessageBox.Show("Error! Something went wrong. Please contact your administrator.", "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
}
await GetAuthenticatedClientAsync();
}
}
return graphClient;
}
回答2:
MSAL .NET on the desktop does not offer a persistent cache, because there's no obvious storage it can rely on out of the box (while MSAL does offer persistent storage on UWP, Xamarin iOS and Android, where app isolated storage is available). Out of the box, MSAL .NET on the desktop uses an inmemory cache that will vanish as soon as the process ends. Please refer to https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-desktop-msgraph-v2/ for an example demonstrating how to provide a simple file based cache that will persist tokens across executions.
来源:https://stackoverflow.com/questions/46037019/why-does-my-application-always-end-up-calling-program-publicclientapp-acquiretok