使用OAuth验证EWS应用程序
本文关键字:应用程序 EWS 验证 OAuth 使用 | 更新日期: 2023-09-27 18:07:40
我试图遵循本教程中的步骤,通过oAuth验证我的应用程序,并使用EWS管理的API检索令牌。
下面是最后的代码:static void Run()
{
string authority = ConfigurationSettings.AppSettings["authority"];
string clientID = ConfigurationSettings.AppSettings["clientID"];
Uri clientAppUri = new Uri(ConfigurationSettings.AppSettings["clientAppUri"]);
string serverName = ConfigurationSettings.AppSettings["serverName"];
AuthenticationResult authenticationResult = null;
AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
string errorMessage = null;
try
{
Console.WriteLine("Trying to acquire token");
authenticationResult = authenticationContext.AcquireToken(serverName, clientID, clientAppUri, PromptBehavior.Auto);
}
catch (AdalException ex)
{
errorMessage = ex.Message;
if (ex.InnerException != null)
{
errorMessage += "'nInnerException : " + ex.InnerException.Message;
}
}
catch (ArgumentException ex)
{
errorMessage = ex.Message;
}
if (!string.IsNullOrEmpty(errorMessage))
{
Console.WriteLine("Failed: {0}" + errorMessage);
return;
}
Console.WriteLine("'nMaking the protocol call'n");
ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2013);
exchangeService.Url = new Uri(serverName + "ews/exchange.asmx");
exchangeService.TraceEnabled = true;
exchangeService.TraceFlags = TraceFlags.All;
exchangeService.Credentials = new OAuthCredentials(authenticationResult.AccessToken);
//exchangeService.TraceListener = new TraceListener();
var res = exchangeService.FindFolders(WellKnownFolderName.Root, new FolderView(10));
}
下面是配置文件:
<add key="authority" value="https://login.windows.net/???.onmicrosoft.com" />
<add key="clientId" value="???" />
<add key="clientAppUri" value="https://localhost/8a4abb13c70dab64a18ae81089bc2cff"/>
<add key="serverName" value="https://outlook.office365.com/" />
错误信息如下:
The request failed. The remote server returned an error: (401) Unauthorized.
,下面是ExchangeService的trace:
<Trace Tag="EwsRequestHttpHeaders" Tid="12" Time="2015-08-13 13:56:24Z">
POST /ews/exchange.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml
User-Agent: ExchangeServicesClient/15.00.0847.030
Accept-Encoding: gzip,deflate
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbS8iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9mMTFjYjAzOS05NzFlLTQxOWItYjg5NS01ZjIxZTkxOWFlZmUvIiwiaWF0IjoxNDM5NDczOTI0LCJuYmYiOjE0Mzk0NzM5MjQsImV4cCI6MTQzOTQ3NzgyNCwidmVyIjoiMS4wIiwidGlkIjoiZjExY2IwMzktOTcxZS00MTliLWI4OTUtNWYyMWU5MTlhZWZlIiwiZW1haWwiOiJoYW1pZC5lbG1pQGNvbnNldHRvLmNvbSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2JiZDIwM2I4LTkwMjEtNDZiZi05NzE2LTUyZWE5MzY1MjQ3Zi8iLCJhbHRzZWNpZCI6IjU6OjEwMDNCRkZEOEIxMTQxMTUiLCJzdWIiOiJPc0t2cnY3YU1hX3VKZktYNGltYXduSVp6SVIybDdkTXBkcUV6M0Y2U2U0IiwiZ2l2ZW5fbmFtZSI6IkhhbWlkIiwibmFtZSI6IkhhbWlkIEVsbWkiLCJhbXIiOlsicHdkIl0sInVuaXF1ZV9uYW1lIjoiaGFtaWQuZWxtaUBjb25zZXR0by5jb20iLCJhcHBpZCI6IjFkMGFiN2ZmLTU5NzItNDJlZS1iZGMwLWYzMzQwNTJhZmZjOCIsImFwcGlkYWNyIjoiMCIsInNjcCI6IkNhbGVuZGFycy5SZWFkIENhbGVuZGFycy5SZWFkV3JpdGUgQ29udGFjdHMuUmVhZCBDb250YWN0cy5SZWFkV3JpdGUgRGlyZWN0b3J5LkFjY2Vzc0FzVXNlci5BbGwgRGlyZWN0b3J5LlJlYWQgRGlyZWN0b3J5LldyaXRlIEZpbGVzLlJlYWQgRmlsZXMuUmVhZC5TZWxlY3RlZCBGaWxlcy5SZWFkV3JpdGUgRmlsZXMuUmVhZFdyaXRlLlNlbGVjdGVkIGZ1bGxfYWNjZXNzX2FzX3VzZXIgR3JvdXAuUmVhZC5BbGwgR3JvdXAuUmVhZFdyaXRlLkFsbCBNYWlsLlJlYWQgTWFpbC5SZWFkV3JpdGUgTWFpbC5TZW5kIG9mZmxpbmVfYWNjZXNzIG9wZW5pZCBTaXRlcy5SZWFkLkFsbCBTaXRlcy5SZWFkV3JpdGUuQWxsIFVzZXIuUmVhZCBVc2VyLlJlYWQuQWxsIFVzZXIuUmVhZEJhc2ljLkFsbCBVc2VyLlJlYWRXcml0ZSBVc2VyLlJlYWRXcml0ZS5BbGwiLCJhY3IiOiIxIn0.tZAyNFquVvyg46lsN79bmpdHhVEPwCIbBXfgsQ3kCzXgmf0LmX3s0A6SV7eSfEKef_-U78HBViAIaUexWeKAV0SKzJZUiQJ0dpDossYt6CfBAlFn4J6_5oZ_jygeNH3xeiCgU4tQrlz5t8iMOeSmBjwIsa2K-Sizd_zC8m3wptg6HI2ubdFJd0VXYqb7WFW_Sb-7wmOZqp8Lybpf3W6qRO14FRpm1f0RGec7kx4jd0EobPUaYWnQaet2I8P-5tuq6fmkJx78mQLGCrkZMcSJVakWVgepgO3LrEvKRKLuzJ9p5fiRiEVGNAzHUubrIjCVcXuquYaPdF16dK3gUT3Uiw
</Trace>
<Trace Tag="EwsRequest" Tid="12" Time="2015-08-13 13:56:24Z" Version="15.00.0847.030">
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:RequestServerVersion Version="Exchange2013" />
</soap:Header>
<soap:Body>
<m:FindFolder Traversal="Shallow">
<m:FolderShape>
<t:BaseShape>AllProperties</t:BaseShape>
</m:FolderShape>
<m:IndexedPageFolderView MaxEntriesReturned="10" Offset="0" BasePoint="Beginning" />
<m:ParentFolderIds>
<t:DistinguishedFolderId Id="root" />
</m:ParentFolderIds>
</m:FindFolder>
</soap:Body>
</soap:Envelope>
</Trace>
A first chance exception of type 'System.Net.WebException' occurred in System.dll
<Trace Tag="EwsResponseHttpHeaders" Tid="12" Time="2015-08-13 13:56:26Z">
HTTP/1.1 401 Unauthorized
request-id: ea025c98-9e74-4799-8ac2-77251f641912
X-CalculatedBETarget: HE1PR09MB0330.eurprd09.prod.outlook.com
X-BackEndHttpStatus: 401
Content-Length: 0
Set-Cookie: ClientId=4HGSRI510SWOAIFT0U31G; expires=Fri, 12-Aug-2016 13:57:17 GMT; path=/; secure; HttpOnly,exchangecookie=86f12da3fb89403bb91c5fe8b525f43d; expires=Sat, 13-Aug-2016 13:57:18 GMT; path=/; HttpOnly,ClientId=4HGSRI510SWOAIFT0U31G; expires=Fri, 12-Aug-2016 13:57:17 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/8.0
x-ms-diagnostics: 2000001;reason="No applicable user context claims found.";error_category="invalid_token"
X-DiagInfo: HE1PR09MB0330
X-BEServer: HE1PR09MB0330
X-Powered-By: ASP.NET
X-FEServer: DB5PR09CA0061
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1", authorization_uri="https://login.windows.net/common/oautA first chance exception of type 'Microsoft.Exchange.WebServices.Data.ServiceRequestException' occurred in Microsoft.Exchange.WebServices.dll
h2/authorize", error="invalid_token",Basic Realm="",Basic Realm=""
Date: Thu, 13 Aug 2015 13:57:17 GMT
</Trace>
您的令牌中有太多作用域(即scp声明)。这个值只能是full_access_as_user。在Azure管理门户中,您应该拥有的唯一Office 365 Exchange Online权限是"作为登录用户通过Exchange Web Services访问邮箱"。