ADAL令牌获取异常
我已经按照下面的示例实现了Azure AD认证:
https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect 。下面是我的应用程序的代码。用户会间歇性地收到异常"静默获取令牌失败"（在调用获取令牌的方法时）。如有任何帮助，我将不胜感激。
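// OWIN OpenID Connect wiring for Azure AD. On the authorization-code callback the
// code is redeemed with ADAL so that the resulting tokens land in the per-user
// SessionCache; the rest of the app later reads them back with AcquireTokenSilent.
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    ClientId = ClientId,
    Authority = Authority,
    Notifications = new OpenIdConnectAuthenticationNotifications()
    {
        AuthorizationCodeReceived = (context) =>
        {
            string userObjectId = null;
            var code = context.Code;
            var currentClaimsIdentity = context.AuthenticationTicket.Identity;
            if (currentClaimsIdentity != null)
            {
                // FindFirst returns null when the claim is absent; dereferencing
                // .Value directly would throw NullReferenceException.
                var objectIdClaim = currentClaimsIdentity.FindFirst(Constants.ObjectIdentifierClaimType);
                if (objectIdClaim != null)
                {
                    userObjectId = objectIdClaim.Value;
                }
            }

            // The token cache is keyed on the object identifier. Never build a
            // cache keyed on null: every user without the claim would share one
            // entry, and a later silent acquisition could hand out another
            // user's token.
            if (string.IsNullOrEmpty(userObjectId))
            {
                throw new InvalidOperationException(
                    "The signed-in identity has no object identifier claim; cannot create a per-user token cache.");
            }

            ClientCredential credential = new ClientCredential(ClientId, AppKey);
            AuthenticationContext authContext = new AuthenticationContext(Authority, new SessionCache(userObjectId, HttpContext.Current));

            // The result is intentionally discarded: the call's purpose is to
            // populate the cache with the access and refresh tokens.
            authContext.AcquireTokenByAuthorizationCode(code, StandardSettings.ReplyUrl, credential, Constants.GraphResourceBaseUrl);
            return Task.FromResult(0);
        },
        AuthenticationFailed = context =>
        {
            // Record why sign-in failed before the redirect hides it; an exception
            // thrown from AuthorizationCodeReceived is expected to be reported here too.
            System.Diagnostics.Trace.TraceWarning("OpenID Connect authentication failed: {0}", context.Exception);
            context.HandleResponse();
            context.Response.Redirect("/");
            return Task.FromResult(0);
        }
    }
});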
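/// <summary>
/// Gets the access token.
/// </summary>
/// <remarks>
/// The token is read from the per-user ADAL cache via <see cref="GetAuthenticationResult"/>.
/// When the cached token is expired or cannot be acquired silently, the OpenID Connect
/// challenge is issued (sending the user to sign in again) and one retry is made.
/// </remarks>
/// <returns>The access token for service call.</returns>
/// <exception cref="AdalException">
/// Thrown when no usable token can be acquired even on the retry; a challenge has
/// already been issued at that point, so the caller should let it complete rather
/// than treat this as a server error.
/// </exception>
private string GetAccessToken()
{
    string userName = null;
    AuthenticationResult authenticationResult = null;
    ClaimsPrincipal currentClaimsPrincipal = ClaimsPrincipal.Current;
    if (currentClaimsPrincipal != null)
    {
        // Used only for trace output, so a missing name claim is not an error.
        Claim nameClaim = currentClaimsPrincipal.FindFirst(ClaimTypes.Name);
        if (nameClaim != null)
        {
            userName = nameClaim.Value;
        }
    }

    try
    {
        authenticationResult = this.GetAuthenticationResult();
        if (authenticationResult.ExpiresOn < DateTimeOffset.UtcNow)
        {
            Trace.TraceWarning("Access token expired for the user: {0}. Challenge the user authentication to get a new token.", userName);
            this.ChallengeUserAuthentication();

            // Drop the expired result so the retry below runs; otherwise the
            // method falls through and hands the caller a token it has just
            // decided is expired.
            authenticationResult = null;
        }
    }
    catch (AdalSilentTokenAcquisitionException ex)
    {
        Trace.TraceWarning("Failed to acquire the token for the user: {0} with exception: {1}. Challenge the user authentication for retry.", userName, ex);
        this.ChallengeUserAuthentication();
    }

    if (authenticationResult == null)
    {
        try
        {
            authenticationResult = this.GetAuthenticationResult();
        }
        catch (Exception ex)
        {
            Trace.TraceWarning("Failed to acquire the token on the retry for the user: {0} with the exception: {1}.", userName, ex);
            throw new AdalException(
                AdalError.FailedToAcquireTokenSilently,
                "The session expired or the token cache was reset. Please sign out and then navigate to the url again to re-authenticate.");
        }
    }

    return authenticationResult.AccessToken;
}

/// <summary>
/// Issues the OpenID Connect challenge so the user is sent to sign in again.
/// </summary>
private void ChallengeUserAuthentication()
{
    this.httpCurrentContext.GetOwinContext().Authentication.Challenge(OpenIdConnectAuthenticationDefaults.AuthenticationType);
}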
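/// <summary>
/// Get the authentication result for the request.
/// </summary>
/// <remarks>
/// Looks the token up in the per-user <c>SessionCache</c>, keyed on the signed-in user's
/// object identifier claim. No interactive sign-in happens here; if the cache holds no
/// usable token for this authority/client/user, ADAL throws
/// <see cref="AdalSilentTokenAcquisitionException"/> and the caller must challenge.
/// </remarks>
/// <returns>The authentication result.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the current principal has no object identifier claim, instead of
/// silently opening a cache keyed on <c>null</c> that every such user would share.
/// </exception>
private AuthenticationResult GetAuthenticationResult()
{
    string userObjectId = null;
    ClaimsPrincipal currentClaimsPrincipal = ClaimsPrincipal.Current;
    if (currentClaimsPrincipal != null)
    {
        // FindFirst returns null when the claim is absent; guard before reading .Value.
        Claim objectIdClaim = currentClaimsPrincipal.FindFirst(Constants.ObjectIdentifierClaimType);
        if (objectIdClaim != null)
        {
            userObjectId = objectIdClaim.Value;
        }
    }

    if (string.IsNullOrEmpty(userObjectId))
    {
        throw new InvalidOperationException(
            "The current principal has no object identifier claim; cannot look up a per-user token cache.");
    }

    AuthenticationContext authContext = new AuthenticationContext(
        Startup.Authority,
        new SessionCache(userObjectId, this.httpCurrentContext));
    ClientCredential credential = new ClientCredential(Startup.ClientId, Startup.AppKey);

    // The cache key and user identifier must match what was stored when the
    // authorization code was redeemed (the same object identifier); a mismatch
    // is one of the usual causes of "failed to acquire token silently".
    return authContext.AcquireTokenSilent(
        Constants.GraphResourceBaseUrl,
        credential,
        new UserIdentifier(userObjectId, UserIdentifierType.UniqueId));
}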
出现此消息的原因有很多：
- 你正在使用的缓存是空的
- 缓存不包含有效的刷新令牌(过期等)
- 缓存不包含您指定的权限/客户端/用户组合的刷新令牌
- 传入的用户标识符与最初在令牌中颁发的实际用户标识符不对应。