英文:
Trying to connect to MS Graph API from an Azure Fn Project
问题
我正在尝试在现有项目中创建一个新的 Azure 函数(az fn)... 我需要这个新函数在底层查询 Graph API。
以下代码不起作用,因为找不到 DelegateAuthenticationProvider 类的包/库:
string[] scopes = new[] { "https://graph.microsoft.com/.default" };
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ApplicationClientID)
.WithTenantId(AzureTenantID)
.WithClientSecret(ApplicationClientSecret)
.Build();
// Build the Microsoft Graph client. As the authentication provider, set an async lambda
// which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
// and inserts this access token in the Authorization header of each API request.
GraphServiceClient graphServiceClient =
new GraphServiceClient(new Microsoft.Graph.DelegateAuthenticationProvider(async (requestMessage) => {
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
})
);
以下是项目文件的内容:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<AzureFunctionsVersion>v4</AzureFunctionsVersion>
<RootNamespace>widgets</RootNamespace>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Azure.Identity" Version="1.9.0" />
<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.5.0" />
<PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
<PackageReference Include="Microsoft.Graph" Version="5.18.0" />
<PackageReference Include="Microsoft.Graph.Core" Version="3.0.9" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.54.1" />
<PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.1.1" />
<PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.6.0" />
</ItemGroup>
<ItemGroup>
<None Update="host.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</None>
<None Update="local.settings.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
<CopyToPublishDirectory>Never</CopyToPublishDirectory>
</None>
</ItemGroup>
</Project>
我添加了以下依赖项以支持对 Graph 的调用:
<PackageReference Include="Microsoft.Graph" Version="5.18.0" />
<PackageReference Include="Microsoft.Graph.Core" Version="3.0.9" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.54.1" />
我理解 DelegateAuthenticationProvider 类是 Graph.Core 的一部分。
希望这只是一个非常简单的遗漏。任何提示将不胜感激。
英文:
I'm trying to create a new az fn in an existing project.... I need this new fn to query Graph Api under the hood.
The following code is not working because it can't find the package / library for DelegateAuthenticationProvider class:
string[] scopes = new[] { "https://graph.microsoft.com/.default" };
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(ApplicationClientID)
.WithTenantId(AzureTenantID)
.WithClientSecret(ApplicationClientSecret)
.Build();
// Build the Microsoft Graph client. As the authentication provider, set an async lambda
// which uses the MSAL client to obtain an app-only access token to Microsoft Graph,
// and inserts this access token in the Authorization header of each API request.
GraphServiceClient graphServiceClient =
new GraphServiceClient(new Microsoft.Graph.DelegateAuthenticationProvider(async (requestMessage) => {
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient
.AcquireTokenForClient(scopes)
.ExecuteAsync();
// Add the access token in the Authorization header of the API request.
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
})
);
Here's the project file contents:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<AzureFunctionsVersion>v4</AzureFunctionsVersion>
<RootNamespace>widgets</RootNamespace>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Azure.Identity" Version="1.9.0" />
<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.5.0" />
<PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
<PackageReference Include="Microsoft.Graph" Version="5.18.0" />
<PackageReference Include="Microsoft.Graph.Core" Version="3.0.9" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.54.1" />
<PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.1.1" />
<PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.6.0" />
</ItemGroup>
<ItemGroup>
<None Update="host.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</None>
<None Update="local.settings.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
<CopyToPublishDirectory>Never</CopyToPublishDirectory>
</None>
</ItemGroup>
</Project>
I added the following dependencies to support this call to graph:
<PackageReference Include="Microsoft.Graph" Version="5.18.0" />
<PackageReference Include="Microsoft.Graph.Core" Version="3.0.9" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.54.1" />
It's my understanding that DelegateAuthenticationProvider class is a part of Graph.Core.
Hopefully it's something super simple I've missed. Any tips would be appreciated.
答案1
得分: 1
你尝试的方法在 Microsoft.Graph.Core 包的第3个版本之后似乎已被弃用。这里 你可以找到迁移说明。
看起来你正尝试使用 ClientSecret 进行身份验证,我认为这是你在寻找的文档。
文档中的代码:
// 客户端凭据流需要你请求 /.default 范围,并在 Azure 的应用注册中预先配置权限。
// 管理员必须事先同意这些权限。
var scopes = new[] { "https://graph.microsoft.com/.default" };
// 应用注册中的值
var clientId = "YOUR_CLIENT_ID";
var tenantId = "YOUR_TENANT_ID";
var clientSecret = "YOUR_CLIENT_SECRET";
// 使用 Azure.Identity;
var options = new ClientSecretCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};
// https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
英文:
The way you are trying to do it seems deprecated since Version 3 of the Microsoft.Graph.Core package. Here you find the migration description.
As it seems you are trying to authenticate via ClientSecret, I think this is the documentation you are looking for.
Code from the documentation:
// The client credentials flow requires that you request the
// /.default scope, and pre-configure your permissions on the
// app registration in Azure. An administrator must grant consent
// to those permissions beforehand.
var scopes = new[] { "https://graph.microsoft.com/.default" };
// Values from app registration
var clientId = "YOUR_CLIENT_ID";
var tenantId = "YOUR_TENANT_ID";
var clientSecret = "YOUR_CLIENT_SECRET";
// using Azure.Identity;
var options = new ClientSecretCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
};
// https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret, options);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论