通过Rest Call查询Windows Azure Active Directory图表Api

Question

根据这个:http: //msdn.microsoft.com/en-us/library/windowsazure/dn424880.aspx 和这个 http://msdn.microsoft.com/en-us/library/windowsazure/hh974467.aspx

我应该可以做一个get请求

https://graph.windows.net/<my-object-guid>/tenantDetails?api-version=0.9

我正在使用Fiddler刚入门.在作曲家中设置:User-Agent:Fiddler Host:graph.windows.net授权:Bearer eyJ0eXA ....(我的令牌,使用来自WAAL的一些c#来获取令牌).

这是返回的内容

HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8
Server: Microsoft-IIS/8.0
WWW-Authenticate: Bearer realm="<my-object-guid>", error="invalid_token", error_description="Access Token missing or malformed.", authorization_uri="https://login.windows.net/<my-object-guid>/oauth2/authorize", client_id="00000002-0000-0000-c000-000000000000"
ocp-aad-diagnostics-server-name: 11iIdMb+aPxfKyeakCML7Tenz8Kyy+G8VG19OZB/CJU=
request-id: 99d802a3-0e55-4018-b94d-a8c00ec8f171
client-request-id: 7ed93efd-86c5-4900-ac1f-747a51fe1d8a
x-ms-dirapi-data-contract-version: 0.9
X-Content-Type-Options: nosniff
DataServiceVersion: 3.0;
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Tue, 14 Jan 2014 00:13:27 GMT
Content-Length: 129

{"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."}}}

当我在我的应用程序中执行某些操作时,令牌被接受,所以我不相信它的格式错误.

Answer 1

我一直遇到这个问题.我使用以下代码为我的原生应用程序获取持票人令牌:

        var authContext = new AuthenticationContext("AUTHORITY");
        string token;
        try
        {
            var authresult = authContext.AcquireToken("MYAPP_ID","MYAPP_CLIENTID","MYAPP_REDIRECTURI");
            token = authresult.AccessToken;
        }

使用该令牌可以很好地在我自己的应用程序中授权操作,但是当我尝试使用相同的令牌作为Graph API的授权时,我会得到与OP相同的错误.

我必须要做的是专门为Graph API获取一个新的令牌 - 我使用了与上面相同的代码,但我用的是"https://graph.windows.net"代替"MYAPP_ID".因此,为了清楚起见,以下代码为Graph API提供了正确的OAuth令牌:

        var authContext = new AuthenticationContext("AUTHORITY");
        string token;
        try
        {
            var authresult = authContext.AcquireToken("https://graph.windows.net","MYAPP_CLIENTID","MYAPP_REDIRECTURI");
            token = authresult.AccessToken;
        }

只需确保在Azure中注册的应用程序具有访问Azure域目录所需的权限.