EWS:“远程服务器返回错误(401)未授权”
我试图找到一个单一的项目fronm在目前情况下的所有项目,但我似乎不断收到此错误信息:EWS:“远程服务器返回错误(401)未授权”
The request failed. The remote server returned an error: (401) Unauthorized.
首先,我把一切都弄好访问Exchange服务:
var signInUserId = ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value;
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
AuthenticationResult authenticationResult = null;
AuthenticationContext authenticationContext = new AuthenticationContext(
SettingsHelper.Authority, new model.ADALTokenCache(signInUserId));
authenticationResult = authenticationContext.AcquireToken(
SettingsHelper.ServerName,
new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret));
ExchangeService exchange = new ExchangeService(ExchangeVersion.Exchange2013);
exchange.Url = new Uri(SettingsHelper.ServerName + "ews/exchange.asmx");
exchange.TraceEnabled = true;
exchange.TraceFlags = TraceFlags.All;
exchange.Credentials = new OAuthCredentials(authenticationResult.AccessToken);
然后我定义我希望收到(通过ID)什么项目:
ItemView view = new ItemView(5);
view.PropertySet = new PropertySet(BasePropertySet.IdOnly);
var tempId = id.Replace('-', '/').Replace('_', '+');
SearchFilter.IsEqualTo searchid = new SearchFilter.IsEqualTo(ItemSchema.Id, tempId);
最后但并非最不重要的,我尝试搜索这个项目,我的项目中:
FindItemsResults<Microsoft.Exchange.WebServices.Data.Item> results = exchange.FindItems(WellKnownFolderName.Inbox, searchid, view);
这是我的错误发生。我尝试了各种其他方式来做到这一点,但无论我做什么,我都会被授权。
有人可能以正确的方式引导我,为了解决这个问题?
编辑
我从收到的访问令牌:
authenticationResult = authenticationContext.AcquireToken(
SettingsHelper.ServerName,
new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret));
,我可以通过调试代码中看到。
没有刷新令牌存在,虽然,我不知道这是否有话要说?
编辑
我勉强我一路调试到在那里我看到这个exchange.ResponseHeaders
:
The access token is acquired using an authentication method that is too weak to allow access for this application. Presented auth strength was 1, required is 2
我decoded the JWT,因为这是我的结果:
{
typ: "JWT",
alg: "RS256",
x5t: "MnC_VZcATfM5pOYiJHMba9goEKY",
kid: "MnC_VZcATfM5pOYiJHMba9goEKY"
}.
{
aud: "https://outlook.office365.com/",
iss: "https://sts.windows.net/d35f5b06-f051-458d-92cc-2b8096b4b78b/",
iat: 1445416753,
nbf: 1445416753,
exp: 1445420653,
ver: "1.0",
tid: "d35f5b06-f051-458d-92cc-2b8096b4b78b",
oid: "c5da9088-987d-463f-a730-2706f23f3cc6",
sub: "c5da9088-987d-463f-a730-2706f23f3cc6",
idp: "https://sts.windows.net/d35f5b06-f051-458d-92cc-2b8096b4b78b/",
appid: "70af108f-5c8c-4ee4-a40f-ab0b6f5922e0",
appidacr: "1"
}.
[signature]
从哪里出发?
我而过去使用EWS已经得到这个错误“的访问令牌获取使用太弱的验证方法,以允许该应用程序访问。显示身份验证强度为1,需要的是2”
你需要做的是用证书强制你的认证。
AuthenticationContext authContext = new AuthenticationContext(authority);
exchangeService.Credentials = new OAuthCredentials(authContext.AcquireToken("https://outlook.office365.com", new ClientAssertionCertificate(ConfigurationManager.AppSettings["ida:ClientId"], certificate)).AccessToken);
关键部分是在ClientAssertion中定义一个新的ClientAssertionCertificate。
您还必须修改Azure Active Directory应用程序的清单。
只看该参考(约的“配置X.509证书公众对你的应用程序”的部分):https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365
我建议强制设置“exchange.Credentials”,直到你已经工作了认证... 。因为它看起来像你的问题在那里.. – Seabizkit
exchange.Credentials = new WebCredentials(authEmailAddress,authEmailPassword,“DOMAINIFYOUHAVEONE”); – Seabizkit
@Seabizkit工作。这就是我做的开始,这工作得很好,但我想使用OAuth – Detilium