使用OAuth对EWS应用程序进行身份验证

本文介绍了使用OAuth对EWS应用程序进行身份验证的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正尝试从此本教程将通过oAuth对我的应用进行身份验证，并将检索到的令牌用于EWS托管API.

I was trying to follow the steps from this this tutorial to authenticate my app by oAuth and use the retrieved token for EWS managed API.

这是最终代码:

static void Run() { string authority = ConfigurationSettings.AppSettings["authority"]; string clientID = ConfigurationSettings.AppSettings["clientID"]; Uri clientAppUri = new Uri(ConfigurationSettings.AppSettings["clientAppUri"]); string serverName = ConfigurationSettings.AppSettings["serverName"]; AuthenticationResult authenticationResult = null; AuthenticationContext authenticationContext = new AuthenticationContext(authority, false); string errorMessage = null; try { Console.WriteLine("Trying to acquire token"); authenticationResult = authenticationContext.AcquireToken(serverName, clientID, clientAppUri, PromptBehavior.Auto); } catch (AdalException ex) { errorMessage = ex.Message; if (ex.InnerException != null) { errorMessage += "\nInnerException : " + ex.InnerException.Message; } } catch (ArgumentException ex) { errorMessage = ex.Message; } if (!string.IsNullOrEmpty(errorMessage)) { Console.WriteLine("Failed: {0}" + errorMessage); return; } Console.WriteLine("\nMaking the protocol call\n"); ExchangeService exchangeService = new ExchangeService(ExchangeVersion.Exchange2013); exchangeService.Url = new Uri(serverName + "ews/exchange.asmx"); exchangeService.TraceEnabled = true; exchangeService.TraceFlags = TraceFlags.All; exchangeService.Credentials = new OAuthCredentials(authenticationResult.AccessToken); //exchangeService.TraceListener = new TraceListener(); var res = exchangeService.FindFolders(WellKnownFolderName.Root, new FolderView(10)); }

这是配置文件:

<add key="authority" value="login.windows/???.onmicrosoft" /> <add key="clientId" value="???" /> <add key="clientAppUri" value="localhost/8a4abb13c70dab64a18ae81089bc2cff"/> <add key="serverName" value="outlook.office365/" />

这是错误消息:

The request failed. The remote server returned an error: (401) Unauthorized.

这是ExchangeService的痕迹:

and here is trace of ExchangeService:

<Trace Tag="EwsRequestHttpHeaders" Tid="12" Time="2015-08-13 13:56:24Z"> POST /ews/exchange.asmx HTTP/1.1 Content-Type: text/xml; charset=utf-8 Accept: text/xml User-Agent: ExchangeServicesClient/15.00.0847.030 Accept-Encoding: gzip,deflate Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSIsImtpZCI6Ik1uQ19WWmNBVGZNNXBPWWlKSE1iYTlnb0VLWSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbS8iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9mMTFjYjAzOS05NzFlLTQxOWItYjg5NS01ZjIxZTkxOWFlZmUvIiwiaWF0IjoxNDM5NDczOTI0LCJuYmYiOjE0Mzk0NzM5MjQsImV4cCI6MTQzOTQ3NzgyNCwidmVyIjoiMS4wIiwidGlkIjoiZjExY2IwMzktOTcxZS00MTliLWI4OTUtNWYyMWU5MTlhZWZlIiwiZW1haWwiOiJoYW1pZC5lbG1pQGNvbnNldHRvLmNvbSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2JiZDIwM2I4LTkwMjEtNDZiZi05NzE2LTUyZWE5MzY1MjQ3Zi8iLCJhbHRzZWNpZCI6IjU6OjEwMDNCRkZEOEIxMTQxMTUiLCJzdWIiOiJPc0t2cnY3YU1hX3VKZktYNGltYXduSVp6SVIybDdkTXBkcUV6M0Y2U2U0IiwiZ2l2ZW5fbmFtZSI6IkhhbWlkIiwibmFtZSI6IkhhbWlkIEVsbWkiLCJhbXIiOlsicHdkIl0sInVuaXF1ZV9uYW1lIjoiaGFtaWQuZWxtaUBjb25zZXR0by5jb20iLCJhcHBpZCI6IjFkMGFiN2ZmLTU5NzItNDJlZS1iZGMwLWYzMzQwNTJhZmZjOCIsImFwcGlkYWNyIjoiMCIsInNjcCI6IkNhbGVuZGFycy5SZWFkIENhbGVuZGFycy5SZWFkV3JpdGUgQ29udGFjdHMuUmVhZCBDb250YWN0cy5SZWFkV3JpdGUgRGlyZWN0b3J5LkFjY2Vzc0FzVXNlci5BbGwgRGlyZWN0b3J5LlJlYWQgRGlyZWN0b3J5LldyaXRlIEZpbGVzLlJlYWQgRmlsZXMuUmVhZC5TZWxlY3RlZCBGaWxlcy5SZWFkV3JpdGUgRmlsZXMuUmVhZFdyaXRlLlNlbGVjdGVkIGZ1bGxfYWNjZXNzX2FzX3VzZXIgR3JvdXAuUmVhZC5BbGwgR3JvdXAuUmVhZFdyaXRlLkFsbCBNYWlsLlJlYWQgTWFpbC5SZWFkV3JpdGUgTWFpbC5TZW5kIG9mZmxpbmVfYWNjZXNzIG9wZW5pZCBTaXRlcy5SZWFkLkFsbCBTaXRlcy5SZWFkV3JpdGUuQWxsIFVzZXIuUmVhZCBVc2VyLlJlYWQuQWxsIFVzZXIuUmVhZEJhc2ljLkFsbCBVc2VyLlJlYWRXcml0ZSBVc2VyLlJlYWRXcml0ZS5BbGwiLCJhY3IiOiIxIn0.tZAyNFquVvyg46lsN79bmpdHhVEPwCIbBXfgsQ3kCzXgmf0LmX3s0A6SV7eSfEKef_-U78HBViAIaUexWeKAV0SKzJZUiQJ0dpDossYt6CfBAlFn4J6_5oZ_jygeNH3xeiCgU4tQrlz5t8iMOeSmBjwIsa2K-Sizd_zC8m3wptg6HI2ubdFJd0VXYqb7WFW_Sb-7wmOZqp8Lybpf3W6qRO14FRpm1f0RGec7kx4jd0EobPUaYWnQaet2I8P-5tuq6fmkJx78mQLGCrkZMcSJVakWVgepgO3LrEvKRKLuzJ9p5fiRiEVGNAzHUubrIjCVcXuquYaPdF16dK3gUT3Uiw </Trace> <Trace Tag="EwsRequest" Tid="12" Time="2015-08-13 13:56:24Z" Version="15.00.0847.030"> <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="www.w3/2001/XMLSchema-instance" xmlns:m="schemas.microsoft/exchange/services/2006/messages" xmlns:t="schemas.microsoft/exchange/services/2006/types" xmlns:soap="schemas.xmlsoap/soap/envelope/"> <soap:Header> <t:RequestServerVersion Version="Exchange2013" /> </soap:Header> <soap:Body> <m:FindFolder Traversal="Shallow"> <m:FolderShape> <t:BaseShape>AllProperties</t:BaseShape> </m:FolderShape> <m:IndexedPageFolderView MaxEntriesReturned="10" Offset="0" BasePoint="Beginning" /> <m:ParentFolderIds> <t:DistinguishedFolderId Id="root" /> </m:ParentFolderIds> </m:FindFolder> </soap:Body> </soap:Envelope> </Trace> A first chance exception of type 'System.Net.WebException' occurred in System.dll <Trace Tag="EwsResponseHttpHeaders" Tid="12" Time="2015-08-13 13:56:26Z"> HTTP/1.1 401 Unauthorized request-id: ea025c98-9e74-4799-8ac2-77251f641912 X-CalculatedBETarget: HE1PR09MB0330.eurprd09.prod.outlook X-BackEndHttpStatus: 401 Content-Length: 0 Set-Cookie: ClientId=4HGSRI510SWOAIFT0U31G; expires=Fri, 12-Aug-2016 13:57:17 GMT; path=/; secure; HttpOnly,exchangecookie=86f12da3fb89403bb91c5fe8b525f43d; expires=Sat, 13-Aug-2016 13:57:18 GMT; path=/; HttpOnly,ClientId=4HGSRI510SWOAIFT0U31G; expires=Fri, 12-Aug-2016 13:57:17 GMT; path=/; secure; HttpOnly Server: Microsoft-IIS/8.0 x-ms-diagnostics: 2000001;reason="No applicable user context claims found.";error_category="invalid_token" X-DiagInfo: HE1PR09MB0330 X-BEServer: HE1PR09MB0330 X-Powered-By: ASP.NET X-FEServer: DB5PR09CA0061 WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1", authorization_uri="login.windows/common/oautA first chance exception of type 'Microsoft.Exchange.WebServices.Data.ServiceRequestException' occurred in Microsoft.Exchange.WebServices.dll h2/authorize", error="invalid_token",Basic Realm="",Basic Realm="" Date: Thu, 13 Aug 2015 13:57:17 GMT </Trace>

任何想法都将不胜感激.

Any idea would be greatly appreciated.

推荐答案

您的令牌中的作用域过多(即scp声明).该值只能是full_access_as_user.在Azure管理门户中，您唯一应具有的Office 365 Exchange Online权限是通过Exchange Web Services以登录用户身份访问邮箱".

Your token has too many scopes in it (i.e. the scp claim). That value should only be full_access_as_user. In the Azure Management Portal, the only Office 365 Exchange Online permission you should have is "Access mailboxes as the signed-in user via Exchange Web Services".