以下是关于 Microsoft 365 基于 OAuth 2.0 联合登录的个人学习参考网址:
1、官方开发文档:https://docs.microsoft.com/zh-cn/graph/overview?view=graph-rest-1.0
2、注册应用程序文档:https://docs.microsoft.com/zh-cn/graph/auth/auth-concepts?context=graph%2Fapi%2F1.0&view=graph-rest-1.0
3、获取用户信息文档:https://docs.microsoft.com/zh-cn/graph/api/user-get?view=graph-rest-1.0&tabs=http#code-try-4
4、相关授权文档(oauth2):https://docs.microsoft.com/zh-cn/azure/active-directory/develop/v2-oauth2-auth-code-flow
5、Azure AD 身份验证和授权错误代码:https://docs.azure.cn/zh-cn/active-directory/develop/reference-aadsts-error-codes
Microsoft365联合登录步骤:
1、在微软官网申请账号。个人账号有200美金的额度和短期的使用权,我目前是用个人账号申请的
2、在Azure Active Directory注册应用程序,可参考上述链接第2点。应用注册完成后需要配置回调地址、证书和密码、API权限。其中回调地址必须与代码中传入的 redirectUri 完全一致;密码(即客户端密钥 clientSecret)只应保存在服务端配置中,不要写进源码,也不要下发到浏览器端
上述配置完成后就正式开始撸代码啦~
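/// <summary>
/// Builds the URL of the Microsoft OAuth 2.0 (authorization code flow) sign-in page
/// that the user's browser is sent to.
/// </summary>
/// <param name="clientId">Application (client) ID, generated when the app is registered.</param>
/// <param name="scope">Permissions the user is asked to consent to, separated by spaces
/// (for example "offline_access user.read mail.read").</param>
/// <param name="redirectUri">Callback URL; must be identical to the redirect URI configured on the app registration.</param>
/// <param name="state">Optional opaque value that the authorization server echoes back on the callback.
/// When null or empty, no state parameter is emitted and the URL is the same as without this argument.</param>
/// <returns>The authorize-endpoint URL with every supplied value URL-encoded.</returns>
public static string GetMsLoginUrl(string clientId, string scope, string redirectUri, string state = null)
{
    string loginUrl = string.Format(
        "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?" +
        "client_id={0}&scope={1}&response_type=code&redirect_uri={2}&response_mode=query",
        HttpUtility.UrlEncode(clientId),
        HttpUtility.UrlEncode(scope),
        HttpUtility.UrlEncode(redirectUri));

    // Without a state value the callback handler cannot tell a response to a login it
    // started from one injected by a third party (login CSRF). The caller should pass an
    // unguessable per-session value here and compare it with the state received on the
    // callback before exchanging the code.
    if (!string.IsNullOrEmpty(state))
    {
        loginUrl += "&state=" + HttpUtility.UrlEncode(state);
    }

    return loginUrl;
}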
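/// <summary>
/// Completes the Microsoft OAuth 2.0 authorization code flow: exchanges the one-time
/// code for an access token and uses it to read the signed-in user's profile from
/// Microsoft Graph (/v1.0/me).
/// </summary>
/// <param name="clientId">Application (client) ID, generated when the app is registered.</param>
/// <param name="scope">Permissions requested, separated by spaces (for example "user.read mail.read").</param>
/// <param name="redirectUri">Callback URL; must be identical to the redirect URI configured on the app registration.</param>
/// <param name="clientSecret">Application secret; not generated automatically, it has to be created by hand on the app registration.</param>
/// <param name="code">One-time authorization code received on the callback.</param>
/// <returns>The user's profile, or null when the token response is empty or carries no access token.</returns>
public static UserDetailResponse GetUserDetail(string clientId, string scope, string redirectUri, string clientSecret,
    string code)
{
    const string tokenEndpoint = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
    const string profileEndpoint = "https://graph.microsoft.com/v1.0/me";

    // Every value is URL-encoded. The code comes from the callback query string, so it is
    // untrusted input: left raw, a value containing '&' or '=' would add or override form
    // fields in the token request. A secret containing '+', '&' or '=' would be corrupted
    // for the same reason.
    string form = string.Format(
        "client_id={0}&scope={1}&redirect_uri={2}&client_secret={3}&code={4}" +
        "&grant_type=authorization_code",
        HttpUtility.UrlEncode(clientId),
        HttpUtility.UrlEncode(scope),
        HttpUtility.UrlEncode(redirectUri),
        HttpUtility.UrlEncode(clientSecret),
        HttpUtility.UrlEncode(code));

    // The token response holds bearer credentials (access_token, and refresh_token when
    // one is issued); it is never logged here and should not be logged by callers.
    string tokenResponse = HttpHelp.Post(tokenEndpoint, form);
    if (string.IsNullOrEmpty(tokenResponse))
    {
        return null;
    }

    // NOTE(review): HttpHelp.Post is presumably the Post helper shown on this page, which
    // returns exception text on failure; that text is not JSON, so the parse below throws
    // and the exception propagates to the caller with its original stack trace.
    var token = JsonConvert.DeserializeAnonymousType(tokenResponse, new { access_token = "" });
    string accessToken = token?.access_token;
    if (string.IsNullOrEmpty(accessToken))
    {
        return null;
    }

    string profileJson = HttpHelp.Get(profileEndpoint, accessToken);
    if (string.IsNullOrEmpty(profileJson))
    {
        return null;
    }

    // The profile was previously fetched but never parsed, so the method always returned null.
    // Assumes UserDetailResponse models the /v1.0/me JSON - confirm against its definition.
    return JsonConvert.DeserializeObject<UserDetailResponse>(profileJson);
}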
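/// <summary>
/// Sends a form-encoded POST request and returns the response body.
/// </summary>
/// <param name="url">Absolute URL to post to.</param>
/// <param name="parameters">Request body, already encoded as application/x-www-form-urlencoded.</param>
/// <returns>The response body decoded as UTF-8, or the exception text when the request fails.</returns>
public static string Post(string url, string parameters)
{
    try
    {
        // UTF-8 yields the same bytes as ASCII for a properly URL-encoded body, but does
        // not replace a stray non-ASCII character with '?'.
        byte[] postData = Encoding.UTF8.GetBytes(parameters);

        // NOTE(review): this is a static, process-wide setting, not a per-request one.
        ServicePointManager.Expect100Continue = false;

        WebRequest request = WebRequest.Create(url);
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = postData.Length;

        // using blocks release the streams and the response even when a read or write throws.
        using (Stream requestStream = request.GetRequestStream())
        {
            requestStream.Write(postData, 0, postData.Length);
        }

        using (WebResponse response = request.GetResponse())
        {
            using (Stream stream = response.GetResponseStream())
            {
                using (StreamReader reader = new StreamReader(stream, Encoding.UTF8))
                {
                    return reader.ReadToEnd();
                }
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): kept for compatibility - the exception text (including the stack
        // trace) is returned in place of a response body, so a caller cannot tell failure
        // from success by the return type. Do not render this string to end users.
        return ex.ToString();
    }
}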
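/// <summary>
/// Sends a GET request authenticated with an OAuth 2.0 bearer token and returns the response body.
/// </summary>
/// <param name="url">Absolute URL of the resource. The token is attached to whatever URL is passed,
/// so callers should supply only a fixed, trusted HTTPS endpoint.</param>
/// <param name="accessToken">Access token sent in the Authorization header.</param>
/// <returns>The response body decoded as UTF-8, or the exception text when the request fails.</returns>
public static string Get(string url, string accessToken)
{
    try
    {
        // A direct cast reports a non-HTTP URL as an InvalidCastException instead of a
        // NullReferenceException on the next line.
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "GET";
        request.Headers.Add("Authorization", $"Bearer {accessToken}");
        // No explicit Host header: it is derived from the URL. The hard-coded
        // "graph.microsoft.com" value was wrong for any other URL, and Host is documented
        // as a restricted header that HttpWebRequest does not accept through Headers.Add.
        request.ContentType = "application/json";

        using (HttpWebResponse resp = (HttpWebResponse)request.GetResponse())
        {
            using (StreamReader reader = new StreamReader(resp.GetResponseStream(), Encoding.UTF8))
            {
                return reader.ReadToEnd();
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): kept for compatibility - the exception text (including the stack
        // trace) is returned in place of a response body, so a caller cannot tell failure
        // from success by the return type. Do not render this string to end users.
        return ex.ToString();
    }
}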
欢迎各位一起留言一起交流一起学习~~