EWS 功能将身份验证转换为 oAuth 时出现问题
问题描述 投票:0回答:2
我正在将一些使用基本身份验证的旧代码转换为使用 oAuth。身份验证似乎工作正常,但之前工作的功能现在失败了
Dim mySession As New ExchangeService(ExchangeVersion.Exchange2016)
Dim cca = ConfidentialClientApplicationBuilder.Create(EWSClientId).WithClientSecret(EWSClientSecret).WithTenantId(EWSTenantId).Build
Dim authResult = Await cca.AcquireTokenForClient(EWSScopes).ExecuteAsync()
mySession.Credentials = New OAuthCredentials(authResult.AccessToken)
mySession.TraceListener = New TraceListener
mySession.TraceFlags = TraceFlags.All
mySession.TraceEnabled = True
mySession.ImpersonatedUserId = New ImpersonatedUserId(ConnectingIdType.SmtpAddress, EmailAddressToScan)
Try
mySession.AutodiscoverUrl(EmailAddressToScan, AddressOf RedirectionCallback)
Catch ex As Exception
mySession.Url = New Uri(EWSServerName)
End Try
Dim rootfolder As Folder = Folder.Bind(mySession, WellKnownFolderName.MsgFolderRoot)
EWSScopes 是 https://outlook.office365.com/.default
EWSServerName 是 https://outlook.office365.com/ews/exchange.asmx
EmailAddressToScan 是 [电子邮件受保护]
EWSClientId、EWSClientSecret 和 EWSTenantId 包含适当的值
身份验证似乎有效,我在标题调用中看到令牌,但 AutodiscoverUrl 和文件夹调用均失败。除了添加模拟行之外,代码还可以使用基本身份验证。
对于 AutodiscoverUrl,我收到错误“无法找到自动发现服务”。
我的标题为:
<Trace Tag="AutodiscoverRequestHttpHeaders" Tid="12" Time="2022-09-20 01:54:40Z">
POST /autodiscover/autodiscover.svc HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml
User-Agent: ExchangeServicesClient/2.2.1.0
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6ImdXQ2g4b0hiQXRmdUM2bVJUSkh2YWZhdmIwUVRsQTFxbURyeHlaQmpvZ3ciLCJhbGciOiJSUzI1NiIsIng1dCI6IjJaUXBKM1VwYmpBWVhZR2FYRUpsOGxWMFRPSSIsImtpZCI6IjJaUXBKM1VwYmpBWVhZR2FYRUpsOGxWMFRPSSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzgyYjNlMzdlLTgxNzEtNDg1ZC1iMTBiLTM4ZGFlN2VkMTRhOC8iLCJpYXQiOjE2NjM2Mzg1NTcsIm5iZiI6MTY2MzYzODU1NywiZXhwIjoxNjYzNjQyNDU3LCJhaW8iOiJFMlpnWUZoeW42SEEvTkxQT05XUElVdW1XUXFsQXdBPSIsImFwcF9kaXNwbGF5bmFtZSI6IkVYTy1UUklNU2VydmljZUFjY291bnRzIiwiYXBwaWQiOiIxNWFiNTRmYy04OTk2LTRkZGMtOGY2MS03ZWYxYTMxOTQ3MTMiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC84MmIzZTM3ZS04MTcxLTQ4NWQtYjEwYi0zOGRhZTdlZDE0YTgvIiwib2lkIjoiYzI2YjM1MTEtZGI4Yy00OWIxLWIzMWMtZDYyN2RmMzdkYzgyIiwicmgiOiIwLkFVRUFmdU96Z25HQlhVaXhDemphNS0wVXFBSUFBQUFBQVBFUHpnQUFBQUFBQUFCQkFBQS4iLCJzaWQiOiJmNjY5NzlkMC0yMmI3LTRhNDYtOTVhYi1hODY0ZWU0NDEwODYiLCJzdWIiOiJjMjZiMzUxMS1kYjhjLTQ5YjEtYjMxYy1kNjI3ZGYzN2RjODIiLCJ0aWQiOiI4MmIzZTM3ZS04MTcxLTQ4NWQtYjEwYi0zOGRhZTdlZDE0YTgiLCJ1dGkiOiJmNUtuX3NUcWxrNnNoMWFUenBRREFBIiwidmVyIjoiMS4wIiwid2lkcyI6WyIwOTk3YTFkMC0wZDFkLTRhY2ItYjQwOC1kNWNhNzMxMjFlOTAiXX0.kl-Hl8HJ19rgeZGGXYaW8FrOOyt9xSuX2GXXERN9TFVkG0wttJacXYDC5fvGnWmQg86ACAPBReiT9zvX7xguNKPJdelhpwACMO4os3mB3GsjVmqqk3mAIXHZ0_75U77ReUEmvH_u1scppUlXnt-aM_yCLALp2NIkyqpE8BV3LTMNwoRsls5ya7M7i0HsIOBoezLScCAFDJy8WEfBi_yJjwOUEQdDLi0NEHs3qU9KA3t9KIDJTt4ZxlieO92mSr5OWJlgLGwFzqlxq-r5-rm1Z1fjDWJAq9IYvkqnB-BP-lpds1HX1LnuAS5_TtPRDAALJfskkwp5KdPj0uq9CKvT6g
</Trace>
身体是:
<Trace Tag="AutodiscoverRequest" Tid="12" Time="2022-09-20 01:54:40Z" Version="2.2.1.0">
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<a:RequestedServerVersion>Exchange2013_SP1</a:RequestedServerVersion>
<wsa:Action>http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetUserSettings</wsa:Action>
<wsa:To>https://email.sydney.edu.au/autodiscover/autodiscover.svc</wsa:To>
</soap:Header>
<soap:Body>
<a:GetUserSettingsRequestMessage xmlns:a="http://schemas.microsoft.com/exchange/2010/Autodiscover">
<a:Request>
<a:Users>
<a:User>
<a:Mailbox>[email protected]</a:Mailbox>
</a:User>
</a:Users>
<a:RequestedSettings>
<a:Setting>InternalEwsUrl</a:Setting>
<a:Setting>ExternalEwsUrl</a:Setting>
</a:RequestedSettings>
</a:Request>
</a:GetUserSettingsRequestMessage>
</soap:Body>
</soap:Envelope>
</Trace>
响应是
<Trace Tag="AutodiscoverResponse" Tid="12" Time="2022-09-20 01:54:41Z">
Autodiscover service call failed with error 'The request failed. The remote server returned an error: (401) Unauthorized.'. Will try legacy service
</Trace>
<Trace Tag="AutodiscoverResponse" Tid="12" Time="2022-09-20 01:54:41Z">
Autodiscover service returned redirection URL 'https://www.sydney.edu.au/autodiscover/autodiscover.xml'.
</Trace>
<Trace Tag="AutodiscoverResponse" Tid="12" Time="2022-09-20 01:54:41Z">
Autodiscover service returned redirection URL 'https://email.sydney.edu.au/autodiscover/autodiscover.xml'.
</Trace>
对于文件夹调用,我收到错误“令牌包含的范围不足以进行此调用”。
我有
的标题<Trace Tag="EwsRequestHttpHeaders" Tid="12" Time="2022-09-20 01:55:21Z">
POST /ews/exchange.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
Accept: text/xml
User-Agent: ExchangeServicesClient/2.2.1.0
Accept-Encoding: gzip,deflate
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI6ImdXQ2g4b0hiQXRmdUM2bVJUSkh2YWZhdmIwUVRsQTFxbURyeHlaQmpvZ3ciLCJhbGciOiJSUzI1NiIsIng1dCI6IjJaUXBKM1VwYmpBWVhZR2FYRUpsOGxWMFRPSSIsImtpZCI6IjJaUXBKM1VwYmpBWVhZR2FYRUpsOGxWMFRPSSJ9.eyJhdWQiOiJodHRwczovL291dGxvb2sub2ZmaWNlMzY1LmNvbSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzgyYjNlMzdlLTgxNzEtNDg1ZC1iMTBiLTM4ZGFlN2VkMTRhOC8iLCJpYXQiOjE2NjM2Mzg1NTcsIm5iZiI6MTY2MzYzODU1NywiZXhwIjoxNjYzNjQyNDU3LCJhaW8iOiJFMlpnWUZoeW42SEEvTkxQT05XUElVdW1XUXFsQXdBPSIsImFwcF9kaXNwbGF5bmFtZSI6IkVYTy1UUklNU2VydmljZUFjY291bnRzIiwiYXBwaWQiOiIxNWFiNTRmYy04OTk2LTRkZGMtOGY2MS03ZWYxYTMxOTQ3MTMiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC84MmIzZTM3ZS04MTcxLTQ4NWQtYjEwYi0zOGRhZTdlZDE0YTgvIiwib2lkIjoiYzI2YjM1MTEtZGI4Yy00OWIxLWIzMWMtZDYyN2RmMzdkYzgyIiwicmgiOiIwLkFVRUFmdU96Z25HQlhVaXhDemphNS0wVXFBSUFBQUFBQVBFUHpnQUFBQUFBQUFCQkFBQS4iLCJzaWQiOiJmNjY5NzlkMC0yMmI3LTRhNDYtOTVhYi1hODY0ZWU0NDEwODYiLCJzdWIiOiJjMjZiMzUxMS1kYjhjLTQ5YjEtYjMxYy1kNjI3ZGYzN2RjODIiLCJ0aWQiOiI4MmIzZTM3ZS04MTcxLTQ4NWQtYjEwYi0zOGRhZTdlZDE0YTgiLCJ1dGkiOiJmNUtuX3NUcWxrNnNoMWFUenBRREFBIiwidmVyIjoiMS4wIiwid2lkcyI6WyIwOTk3YTFkMC0wZDFkLTRhY2ItYjQwOC1kNWNhNzMxMjFlOTAiXX0.kl-Hl8HJ19rgeZGGXYaW8FrOOyt9xSuX2GXXERN9TFVkG0wttJacXYDC5fvGnWmQg86ACAPBReiT9zvX7xguNKPJdelhpwACMO4os3mB3GsjVmqqk3mAIXHZ0_75U77ReUEmvH_u1scppUlXnt-aM_yCLALp2NIkyqpE8BV3LTMNwoRsls5ya7M7i0HsIOBoezLScCAFDJy8WEfBi_yJjwOUEQdDLi0NEHs3qU9KA3t9KIDJTt4ZxlieO92mSr5OWJlgLGwFzqlxq-r5-rm1Z1fjDWJAq9IYvkqnB-BP-lpds1HX1LnuAS5_TtPRDAALJfskkwp5KdPj0uq9CKvT6g
</Trace>
身体:
<Trace Tag="EwsRequest" Tid="12" Time="2022-09-20 01:55:21Z" Version="2.2.1.0">
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<t:RequestServerVersion Version="Exchange2013_SP1" />
<t:ExchangeImpersonation>
<t:ConnectingSID>
<t:SmtpAddress>[email protected]</t:SmtpAddress>
</t:ConnectingSID>
</t:ExchangeImpersonation>
</soap:Header>
<soap:Body>
<m:GetFolder>
<m:FolderShape>
<t:BaseShape>AllProperties</t:BaseShape>
</m:FolderShape>
<m:FolderIds>
<t:DistinguishedFolderId Id="msgfolderroot" />
</m:FolderIds>
</m:GetFolder>
</soap:Body>
</soap:Envelope>
</Trace>
响应头是:
<Trace Tag="EwsResponseHttpHeaders" Tid="12" Time="2022-09-20 01:55:21Z">
HTTP/1.1 403
request-id: 616ab081-7eca-3eaa-830c-464f02f3b2b1
Alt-Svc: h3=":443",h3-29=":443"
X-CalculatedBETarget: SY4PR01MB6346.ausprd01.PROD.OUTLOOK.COM
X-BackEndHttpStatus: 403
X-RUM-Validated: 1
x-ms-appId: 15ab54fc-8996-4ddc-8f61-7ef1a3194713
Restrict-Access-Confirm: 1
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this call.";error_category="invalid_grant"
X-BeSku: WCS6
X-DiagInfo: SY4PR01MB6346
X-BEServer: SY4PR01MB6346
X-Proxy-RoutingCorrectness: 1
X-Proxy-BackendServerStatus: 403
X-FirstHopCafeEFZ: SYD
X-FEProxyInfo: SYBPR01CA0157.AUSPRD01.PROD.OUTLOOK.COM
X-FEEFZInfo: SYD
X-FEServer: SYBPR01CA0157
Content-Length: 0
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Tue, 20 Sep 2022 01:55:20 GMT
Set-Cookie: exchangecookie=ee75b36c72834812b81e7c7cb5ab2a23; expires=Wed, 20-Sep-2023 01:55:21 GMT; path=/; secure; HttpOnly
Server: Microsoft-IIS/10.0
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000@*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
</Trace>
任何人都可以为我提供一些关于我做错了什么或配置不正确的指导吗?
2个回答
1
投票
投票
您无法将客户端凭据流中的令牌与 Autodiscoverv1 一起使用(在 EWS 中,它需要模拟,而自动发现中不支持),如果您的所有用户都在云中,则可以删除其冗余调用,您只需使用静态众所周知的 Office365 ews 端点“https://outlook.office365.com/ews/exchange.asmx”uri,如果您有混合邮箱并且需要检测邮箱是在本地还是在云中,我建议您使用未经身份验证的 Autodiscoverv2。
您尝试在 GetFolder 中使用的令牌不包含 EWS 的范围/角色,例如,如果获取您的令牌并使用 jwt.io 对其进行解码,则它不包含任何角色。您应该看到的一个示例是
这很可能意味着您没有将应用程序权限添加到应用程序注册中(例如,添加委托的一个常见错误)“full_access_as_app”,或者尚未在租户中获得同意。
0
投票
投票
确保在使用客户端凭据流时配置正确的权限。进入App注册页面,选择API权限。以下是使用 C# 和 msal 通过 Client-Credentials-Flow 从 Outlook Exchange 365 获取前 10 封电子邮件的示例。
program.cs
using Microsoft.Exchange.WebServices.Data;
using Microsoft.Identity.Client;
// Application (client) ID
const string appId = "YOURAPPID";
// Secret Value (not key)
const string clientSecret = "YOURSECRET";
// Directory (tenant) ID
const string tenantId = "YOURTENANT";
// Using Microsoft.Identity.Client 4.22.0
var cca = ConfidentialClientApplicationBuilder
.Create(appId)
.WithClientSecret(clientSecret)
.WithTenantId(tenantId)
.Build();
// The permission scope required for EWS access
var ewsScopes = new string[] { "https://outlook.office365.com//.default" };
//Make the token request
var authResult = await cca.AcquireTokenForClient(ewsScopes).ExecuteAsync();
// Configure the ExchangeService with the access token
var ewsClient = new ExchangeService
{
Url = new Uri("https://outlook.office365.com/EWS/Exchange.asmx"),
Credentials = new OAuthCredentials(authResult.AccessToken)
};
//Impersonate the mailbox you'd like to access.
ewsClient.ImpersonatedUserId = new
ImpersonatedUserId(ConnectingIdType.SmtpAddress, "YOUREMAIL");
try
{
//Retrieve the first 10 items in the Inbox
ewsClient.TraceEnabled = true;
var results = ewsClient.FindItems(WellKnownFolderName.Inbox, new ItemView(10));
foreach (var item in results)
{
if (item is not EmailMessage emailMessage)
continue;
emailMessage.Load(new PropertySet(BasePropertySet.FirstClassProperties, EmailMessageSchema.Body));
Console.WriteLine(emailMessage.DateTimeReceived);
Console.WriteLine(emailMessage.Subject);
Console.WriteLine(emailMessage.Body);
}
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
添加权限
转至Azure 上的应用程序注册,应用程序 > 应用程序注册 > 显示所有应用程序并选择您的应用程序。
转到API权限并选择添加权限
选择我的组织使用的 API 并搜索 Office 365,选择合适的 API。
选择应用程序权限
并授予代表邮件帐户访问电子邮件所需的权限。
最新问题
- nginx 重定向到索引页面
- 如何在Python中计算math.sqrt(-1)?
- Angular 19 独立组件错误:尽管导入了 HttpClientModule,“没有 _HttpClient 的提供程序”
- 不同加数问题贪心算法
- 我无法在 Ajax 中执行 Perl 脚本
- AVX2 / gcc:通过使用不同的寄存器来提高CPU级并行性
- 我无法在ajax中执行perl脚本
- 实体框架。直接编辑集合导航属性时的奇怪行为
- 在Python中检测比例参考线坐标
- 如何防止我的Python脚本在Windows上运行后立即关闭?
- Gridgain9 是 ignite2 还是 ignite3 的下游
- 如何修改JavaFX中的ChoiceBox复选标记?
- 在pygame中实时播放带有alpha通道和同步音频的两个混合视频?
- 如何在cypher-shell中使用环境变量NEO4J_PASSWORD
- ASP Classic IPN 侦听器可以工作,但现在不行了
- 如何实际使用 cv2.estimateAffine3D 在 python 中对齐 3d 点?
- 如何在 R 中生成具有跨多个组的 FDR 校正 P 值的分层汇总表
- 我无法使用 Exact Alarm 进行颤振本地通知
- Azure OpenAI Studio Playground:在向任何函数提交输出时,我的助手总是返回未定义的错误
- 如何对Bull.js与Redis服务器的连接实现完整而非部分的TLS保护?
© www.soinside.com 2019 - 2024. All rights reserved.