我使用ASP .NET框架的Web应用程序。它的一个功能需要访问用户的Outlook日历。
目前,应用程序使用常规ASP .NET身份身份验证,而无需开放。它还允许第三方身份验证提供商。这是我启动类的代码:
public partial class Startup
{
private static readonly string APP_ID = WebConfigurationManager.AppSettings["Site_Cert_App_ID"];
private static readonly string APP_SECRET = WebConfigurationManager.AppSettings["Site_Cert_App_Secret"];
// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
app.UseMicrosoftAccountAuthentication(new Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationOptions
{
ClientId = APP_ID,
ClientSecret = APP_SECRET,
Scope = { "offline_access", "User.Read", "Calendars.Read" }
});
}
}
由于该应用程序的其他功能与其他Microsoft的服务完全无关,因此我想保留此身份验证方法并使用Microsoft帐户外部登录使用图形API,而不是完整的OpenDID身份验证过程。但是,我还没有找到任何示例,也无法弄清楚如何访问用于外部身份验证的令牌以将其重用图形API。
有什么简单的方法可以做到吗?还是不可能,我必须实施完整的过程以代表用户获得令牌?
您可以尝试以下内容:https://learn.microsoft.com/en-us/graph/auth-v2-user步骤如下:
- 在Azure AD中注册您的应用程序。
- 获得授权。
- 获取访问令牌。
- 用访问令牌调用Microsoft Graph。
- 使用刷新令牌获取新的访问令牌。
旁注,要获取特定用户的日历,您可以使用
GET /users/{id | userPrincipalName}/calendars
文档MS图
Graph Explorer