1

我有一个使用预览 2.0 端点的 MVC 应用程序。个人资料图像不是默认对象,我有点失望。话虽如此,我在尝试弄清楚如何使用端点正确获取个人资料图片时遇到了问题。

有任何想法吗?

4

1 回答 1

2

如您所述,Azure AD 的 OpenId 连接目前不支持获取用户的个人资料图片。

但是,如果您只使用 Azure AD 帐户,我们可以使用 Microsoft Graph 单独获取用户的个人资料图片。要调用此 REST,我们可以将 User.Read 范围授予应用程序,以下是供您参考的代码:

 app.UseOpenIdConnectAuthentication(
            new OpenIdConnectAuthenticationOptions
            {
                // The `Authority` represents the v2.0 endpoint - https://login.microsoftonline.com/common/v2.0
                // The `Scope` describes the initial permissions that your app will need.  See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/                    
                ClientId = clientId,
                Authority = String.Format(CultureInfo.InvariantCulture, aadInstance, "common", "/v2.0"),
                RedirectUri = redirectUri,                    
                Scope = "openid email profile offline_access Mail.Read User.Read",
                PostLogoutRedirectUri = redirectUri,
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = false,
                    // In a real application you would use IssuerValidator for additional checks, like making sure the user's organization has signed up for your app.
                    //     IssuerValidator = (issuer, token, tvp) =>
                    //     {
                    //        //if(MyCustomTenantValidation(issuer)) 
                    //        return issuer;
                    //        //else
                    //        //    throw new SecurityTokenInvalidIssuerException("Invalid issuer");
                    //    },
                },
                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away.
                    AuthorizationCodeReceived = async (context) =>
                    {
                        var code = context.Code;
                        string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value;
                        ConfidentialClientApplication cca = new ConfidentialClientApplication(clientId, redirectUri,
                           new ClientCredential(appKey), 
                           new MSALSessionCache(signedInUserID, context.OwinContext.Environment["System.Web.HttpContextBase"] as HttpContextBase));
                        string[] scopes = { "Mail.Read User.Read" };
                        try
                        {
                            AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(scopes, code);
                        }
                        catch (Exception eee)
                        {

                        }
                    },
                    AuthenticationFailed = (notification) =>
                    {
                        notification.HandleResponse();
                        notification.Response.Redirect("/Error?message=" + notification.Exception.Message);
                        return Task.FromResult(0);
                    }
                }
            });

然后我们可以像下面的请求一样获取 Azure AD 用户的个人资料图片:

Get: https://graph.microsoft.com/v1.0/me/photo/$value
authorization: bearer {token}

并且经测试,Microsoft Graph 目前不支持获取 Microsoft Account 的头像。如果您希望它也支持 Microsoft 帐户,您可以从此处提交反馈。

于 2016-10-10T06:37:39.953 回答