Question
We have an SSO portal that is authenticated via ADFS. If I call an API defined in this portal in the browser, it automatically redirects to ADFS to authenticate, then redirects to the portal with the Claim to call the API.
What I'm trying to do is call the API from within a CRM Workflow. How can I mimic this redirect?
I thought if I somehow got the token & put it in the HttpClient request, it would help. But I have no idea how it should be added to the HttpClient request.
Is what I am trying to do even possible? Should I give up now and stop tearing my hair out!?
Here is my code that does NOT work; it returns an HTML page that I assume is the ADFS login:
    // Namespaces used by this method
    using System;
    using System.Activities;
    using System.IdentityModel.Tokens;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using Microsoft.Xrm.Sdk;
    using Microsoft.Xrm.Sdk.Client;
    using Microsoft.Xrm.Sdk.Workflow;

    protected override void Execute(CodeActivityContext executionContext)
    {
        IWorkflowContext context = executionContext.GetExtension<IWorkflowContext>();
        IOrganizationService service = executionContext.GetExtension<IOrganizationServiceFactory>().CreateOrganizationService(context.UserId);
        OrganizationServiceProxy orgSvcProxy = (service as OrganizationServiceProxy);
        ITracingService tracingService = executionContext.GetExtension<ITracingService>();

        // Token issued to the CRM organization service proxy
        SecurityToken token = orgSvcProxy.SecurityTokenResponse.Token;
        GenericXmlSecurityToken genericToken = (GenericXmlSecurityToken)((Microsoft.Xrm.Sdk.Client.ServiceProxy<Microsoft.Xrm.Sdk.IOrganizationService>)(orgSvcProxy)).SecurityTokenResponse.Token;

        try
        {
            Guid userId = context.InitiatingUserId;

            // Do not run when triggered by another workflow or plug-in
            if (context.Depth > 1)
                return;

            String apiUrl = "https://myurl.com";

            try
            {
                using (var client = new HttpClient(new HttpClientHandler
                {
                    //UseCookies = false,
                    //UseProxy = true,
                    //UseDefaultCredentials = true,
                    AllowAutoRedirect = true,
                }))
                {
                    client.BaseAddress = new Uri(apiUrl);
                    client.DefaultRequestHeaders.Accept.Clear();
                    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                    client.Timeout = new TimeSpan(0, 2, 0); // 2 minutes

                    // Sends ProofToken.ToString() as the bearer value
                    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", genericToken.ProofToken.ToString());

                    using (var response = client.PostAsync("TestConnection", null).Result)
                    {
                        var responseText = response.Content.ReadAsStringAsync().Result;
                        if (response.IsSuccessStatusCode) // This is status code 200 - everything went well
                        {
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                tracingService.Trace("API call failed: " + ex.Message);
                throw; // rethrow without resetting the stack trace
            }
        }
        catch (Exception ex)
        {
            if (ex.InnerException != null)
            {
                tracingService.Trace("Ccx.Xrm.Ccp.Workflow.BootstrapVirtualCareData: Failed: Message - " + ex.InnerException.Message);
            }
            else
            {
                tracingService.Trace("Ccx.Xrm.Ccp.Workflow.BootstrapVirtualCareData: Failed: Message - " + ex.Message);
            }
            throw; // rethrow without resetting the stack trace
        }
    }
Source: https://stackoverflow.com/questions/64654133/is-it-possible-to-send-the-securitytokenresponse-from-the-iorganizationservicepr