EWS GetUserPhoto 从基本身份验证切换到 OAuth答案

【问题标题】：EWS GetUserPhoto switch from Basic Auth to OAuthEWS GetUserPhoto 从基本身份验证切换到 OAuth
【发布时间】：2021-05-09 15:25:47
【问题描述】：

我一直在使用基本身份验证来获取用户照片，如下所示。

string email = "SomeEmail@email.com";

HttpWebRequest request = WebRequest.Create(string.Format("https://outlook.office365.com/EWS/Exchange.asmx/s/GetUserPhoto?email={0}&size=HR648x648", email)) as HttpWebRequest;
request.Credentials = new NetworkCredential("SomeID", "SomePwd");

using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
       Stream stream = response.GetResponseStream();
       using (MemoryStream ms = new MemoryStream())
       {
           string encodedPhoto = Convert.ToBase64String((ms.ToArray()));
       }
}

但由于 EWS 的基本身份验证将被停用，我正在尝试将 OAuth 2.0 用于相同的请求。这是我迄今为止尝试过的。

var pcaOptions = new PublicClientApplicationOptions
{
     ClientId = ConfigurationManager.AppSettings["appId"],
     TenantId = ConfigurationManager.AppSettings["tenantId"]
};

var pca = PublicClientApplicationBuilder.CreateWithApplicationOptions(pcaOptions).Build();
var ewsScopes = new string[] { "https://outlook.office365.com/EWS.AccessAsUser.All" };
var authResult = await pca.AcquireTokenInteractive(ewsScopes).ExecuteAsync();

var ewsClient = new ExchangeService();

string email = "SomeEmail@Email.com";
ewsClient.Url = new Uri(string.Format("https://outlook.office365.com/EWS/Exchange.asmx/s/GetUserPhoto?email={0}&size=HR648x648", email));
ewsClient.Credentials = new OAuthCredentials(authResult.AccessToken);

如何继续从这里获取用户照片？任何帮助或信息将不胜感激。

【问题讨论】：

标签： c# oauth-2.0 azure-active-directory microsoft-graph-api exchangewebservices

【解决方案1】：

您不需要使用 EWS 托管 API，您只需修改现有代码以包含访问令牌，例如

   string email = "SomeEmail@email.com";

   HttpWebRequest request = WebRequest.Create(string.Format("https://outlook.office365.com/EWS/Exchange.asmx/s/GetUserPhoto?email={0}&size=HR648x648", email)) as HttpWebRequest;
   request.Headers.Add("Authorization", "Bearer " + authResult.AccessToken);

 using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
 {
    Stream stream = response.GetResponseStream();
    using (MemoryStream ms = new MemoryStream())
    {
        string encodedPhoto = Convert.ToBase64String((ms.ToArray()));
    }
 }

或者，如果您确实想使用 EWS 托管 API，您可以使用类似

    String ETag = "";
    GetUserPhotoResults grPhoto = service.GetUserPhoto("user@domain.com", "HR240x240", ETag);
    if (grPhoto.Status == GetUserPhotoStatus.PhotoReturned) 
    {
        ETag = grPhoto.EntityTag; 
    }
    grPhoto = service.GetUserPhoto("user@domain.com", "HR240x240", ETag);
    switch (grPhoto.Status) 
    {
        case GetUserPhotoStatus.PhotoReturned: ETag = grPhoto.EntityTag;
            break;
        case GetUserPhotoStatus.PhotoUnchanged:
            Console.WriteLine("Photo Unchanged");
            break;
    }

【讨论】：

谢谢！有用。但我有一个问题。目前我正在使用委托权限来获取令牌，但我想使用应用程序权限，以便它可以在没有用户登录的情况下运行。我尝试使用docs.microsoft.com/en-us/exchange/client-developer/… 中的指南，并在 API 权限中添加了full_access_as_app，但它需要管理员同意。使用full_access_as_app 只是为了拍照似乎有点过头了。有没有其他办法？
使用 Graph api（请参阅其他答案）是最小化所需权限的最佳方法。您可以使用 ROPC 授权，例如 stackoverflow.com/questions/61018045/…，并将您的服务帐户凭据保存在 KeyVault 之类的东西中以确保它们的安全。

【解决方案2】：

我建议您使用 Microsoft Graph API 来获取用户照片。参考，https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0

使用图形资源管理器尝试一下

https://developer.microsoft.com/en-us/graph/graph-explorer?request=me%2Fphoto%2F%24value&method=GET&version=v1.0&GraphUrl=https://graph.microsoft.com

开始使用 Graph .Net SDK https://docs.microsoft.com/en-us/graph/sdks/sdks-overview

GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var stream = await graphClient.Me.Photo.Content
            .Request()
            .GetAsync();

【讨论】：