问题
ADAL v3 has the UserPasswordCredential class, but I cannot find a working implementation. There's no AcquireToken overload which accepts a UserPasswordCredential or UserCredential type. What is the correct way of performing the username&password flow in ADAL v3? This particular piece of code is using full .Net 4.5.
回答1:
If you were developing with client app, you can refer the code below to acquire the token:
string authority = "https://login.microsoftonline.com/xxxx.onmicrosoft.com";
string resrouce = "https://graph.windows.net";
string clientId = "";
string userName = "";
string password = "";
UserPasswordCredential userPasswordCredential = new UserPasswordCredential(userName,password);
AuthenticationContext authContext = new AuthenticationContext(authority);
var token= authContext.AcquireTokenAsync(resrouce,clientId, userPasswordCredential).Result.AccessToken;
And if you were developing with web app( this is not common scenario), there is no such method in ADAL V3 to support this scenario. As a workaround, you may construct the request yourself. Here is an example for your reference:
POST: https://login.microsoftonline.com/xxxxx.onmicrosoft.com/oauth2/token
Content-Type: application/x-www-form-urlencoded
resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}&scope=openid&client_secret={clientSecret}
回答2:
To elaborate on the second part of the accepted answer, here is an implementation to make the POST request:
From SettingHelper: public static string GetAuthorityEndpoint(string azuretenantId) => $"https://login.microsoftonline.com/{azuretenantId}/";
private static async Task<OAuthResult> AuthenticateAsync(string resource = "https://yourAzureADProtectedResource.url/")
{
var oauthEndpoint = new Uri(new Uri(SettingsHelper.GetAuthorityEndpoint("your AAD Tenent ID")), "oauth2/token");
using (var client = new HttpClient())
{
var result = await client.PostAsync(oauthEndpoint, new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("resource", resource),
new KeyValuePair<string, string>("client_id", "your AAD App Id"),
new KeyValuePair<string, string>("grant_type", "password"),
new KeyValuePair<string, string>("username", "your.user@yourtenent.url"),
new KeyValuePair<string, string>("password", "your password"),
new KeyValuePair<string, string>("scope", "openid"),
new KeyValuePair<string, string>("client_secret", "an access key for your AAD App"),
}));
var content = await result.Content.ReadAsStringAsync();
var authResult = JsonConvert.DeserializeObject<OAuthResult>(content);
return authResult;
}
}
class OAuthResult
{
public string Token_Type { get; set; }
public string Scope { get; set; }
public int Expires_In { get; set; }
public int Ext_Expires_In { get; set; }
public int Expires_On { get; set; }
public int Not_Before { get; set; }
public Uri Resource { get; set; }
public string Access_Token { get; set; }
}
You can then go on to use the Auth result like this:
private async Task<HttpClient> GetHttpClientWithAzureADAuthentication()
{
OAuthResult authResult;
try
{
authResult = await AuthenticateAsync();
var httpClient = GetHttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {authResult.Access_Token}");
return httpClient;
}
catch (Exception e)
{
Debug.WriteLine(e);
throw;
}
}
来源:https://stackoverflow.com/questions/40498384/adal-v3-how-to-authenticate-using-userpasswordcredential