
When the user and the application are in the same Azure AD environment, I have followed the link "Decrypt encrypted Office 365 emails using MIP SDK" and successfully decrypted an rpmsg with the MIP SDK (1.6.113). If I try to decrypt an rpmsg sent from an MS 365 personal account, I cannot decrypt it.

The AcquireToken code is called twice. The first call to acquire a token, made when AddEngineAsync is called, has these incoming parameters:

identity = Microsoft.InformationProtection.Identity
authority = "https://login.windows.net/common"
resource = "https://syncservice.o365syncservice.com/"
claims = ""

The second call to acquire a token, made when CreateFileHandlerAsync is called, has these incoming parameters:

identity = Microsoft.InformationProtection.Identity
authority = "https://login.windows.net/54485d23-c432-40fe-8436-6091d627118c"
resource = "https://aadrm.com"
claims = ""

The code then gives me the following exception:

System.AggregateException
HResult=0x80131500
Message=One or more errors occurred.
Source=mscorlib

StackTrace:
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task`1.get_Result()
at MipSdkDotNetQuickstart.Action.CreateFileHandler(FileOptions options) in C:\MyGitHub\MipSdk-Dotnet-File-ServicePrincipalAuth-master\mip-sdk-dotnet-file-SPA\Action.cs:line 179
at MipSdkDotNetQuickstart.Action.RemoveProtection(FileOptions options) in C:\MyGitHub\MipSdk-Dotnet-File-ServicePrincipalAuth-master\mip-sdk-dotnet-file-SPA\Action.cs:line 212
at MipSdkDotNetQuickstart.Program.Main(String[] args) in C:\MyGitHub\MipSdk-Dotnet-File-ServicePrincipalAuth-master\mip-sdk-dotnet-file-SPA\Program.cs:line 111

This exception was originally thrown at this call stack:
[External Code]
MipSdkDotNetQuickstart.Action.CreateFileHandler.AnonymousMethod__0() in Action.cs

Inner Exception 1:
AccessDeniedException: The service didn't accept the auth token. Challenge:['Bearer resource="https://aadrm.com", realm="54485d23-c432-40fe-8436-6091d627118c", authorization="https://login.windows.net/54485d23-c432-40fe-8436-6091d627118c/oauth2/authorize"'], CorrelationId=f63bb5f6-009f-4b9f-a4b7-621df958845b, CorrelationId.Description=FileEngine

What could be the problem here?

Thanks


1 Answer


If you use MSAL to acquire the token:

  • When AcquireToken is called with resource "https://syncservice.o365syncservice.com/", you must call app.AcquireTokenSilent(new[]{ "https://psor.o365syncservice.com/UnifiedPolicy.User.Read" }, firstAccount).ExecuteAsync();

  • When AcquireToken is called with resource "https://aadrm.com", you must call app.AcquireTokenSilent(new[]{ "https://aadrm.com/user_impersonation" }, firstAccount).ExecuteAsync();

answered 2020-09-27T12:37:35.897
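The answer above gives the two resource-to-scope mappings but not the delegate around them. The following is an added example, not code from the original question, the answer, or the Microsoft sample the question was built on: an IAuthDelegate for the MIP SDK .NET wrapper that looks up the MSAL scope from the resource the SDK passes in, uses the tenant-specific authority the SDK supplies for the second call, and falls back from AcquireTokenSilent to an interactive prompt when the cache has no usable account. It assumes MSAL.NET 4.x (Microsoft.Identity.Client) and the delegated, public-client flow the answer describes; the constructor parameters clientId and redirectUri, the class name MsalAuthDelegate, and the use of Identity.Email as a login hint are this example's own choices.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.InformationProtection;

// Added example: an IAuthDelegate that maps the resource the MIP SDK requests
// onto the MSAL scope given in the answer. Not part of the original post.
public class MsalAuthDelegate : IAuthDelegate
{
    // Resource (as the SDK passes it, minus any trailing slash) -> MSAL scope.
    // Both mappings are taken from the answer above.
    private static readonly Dictionary<string, string> ScopeByResource =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            ["https://syncservice.o365syncservice.com"] =
                "https://psor.o365syncservice.com/UnifiedPolicy.User.Read",
            ["https://aadrm.com"] =
                "https://aadrm.com/user_impersonation",
        };

    private readonly IPublicClientApplication _app;

    // clientId and redirectUri are this example's assumed constructor inputs
    // (the app registration id and its configured redirect URI).
    public MsalAuthDelegate(string clientId, string redirectUri)
    {
        _app = PublicClientApplicationBuilder.Create(clientId)
            .WithRedirectUri(redirectUri)
            .Build();
    }

    // Called synchronously by the SDK; the signature is the one the .NET wrapper defines.
    public string AcquireToken(Identity identity, string authority, string resource, string claims)
    {
        // The SDK sends the sync service resource with a trailing slash and aadrm.com
        // without one, so normalise before the lookup.
        string key = resource.TrimEnd('/');
        if (!ScopeByResource.TryGetValue(key, out string scope))
        {
            throw new InvalidOperationException($"No MSAL scope mapped for resource '{resource}'");
        }

        // The second call arrives with a tenant-specific authority
        // (login.windows.net/<tenant-id>); pass it through to MSAL rather than
        // always using /common, otherwise the token is issued for the wrong realm.
        return AcquireTokenAsync(new[] { scope }, authority, identity.Email)
            .GetAwaiter().GetResult();
    }

    private async Task<string> AcquireTokenAsync(string[] scopes, string authority, string loginHint)
    {
        IAccount firstAccount = (await _app.GetAccountsAsync()).FirstOrDefault();

        if (firstAccount != null)
        {
            try
            {
                // Silent path from the answer: reuse the cached account.
                AuthenticationResult silent = await _app.AcquireTokenSilent(scopes, firstAccount)
                    .WithAuthority(authority)
                    .ExecuteAsync();
                return silent.AccessToken;
            }
            catch (MsalUiRequiredException)
            {
                // Cache has no token for this scope/authority; fall through to a prompt.
            }
        }

        AuthenticationResult interactive = await _app.AcquireTokenInteractive(scopes)
            .WithAuthority(authority)
            .WithLoginHint(loginHint)
            .ExecuteAsync();
        return interactive.AccessToken;
    }
}
```

Register the delegate where the sample creates its MIP context (for example MIP.CreateFileProfile / AddEngineAsync) and it will be invoked once per resource as the question's trace shows. If the mapping throws, the SDK surfaces it inside the same AggregateException seen in the question, so the unmapped resource string will be visible in the inner exception.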