Migrate Android applications that use a broker from ADAL.NET to MSAL.NET

If you have a Xamarin Android app currently using the Azure Active Directory Authentication Library for .NET (ADAL.NET) and an authentication broker, it's time to migrate to the Microsoft Authentication Library for .NET (MSAL.NET).

Prerequisites

  • A Xamarin Android app already integrated with a broker (Microsoft Authenticator or Intune Company Portal) and ADAL.NET that you need to migrate to MSAL.NET.

Step 1: Enable the broker

Current ADAL code:

In ADAL.NET, broker support is enabled on a per-authentication context basis.

To call the broker, you had to set useBroker to true in the PlatformParameters constructor:

public PlatformParameters(
        Activity callerActivity,
        bool useBroker)

In the platform-specific page renderer code for Android, you set the useBroker flag to true:

page.BrokerParameters = new PlatformParameters(
        this,
        true,
        PromptBehavior.SelectAccount);

Then, include the parameters in the acquire token call:

AuthenticationResult result =
        await
            AuthContext.AcquireTokenAsync(
                Resource,
                ClientId,
                new Uri(RedirectURI),
                platformParameters)
                .ConfigureAwait(false);

MSAL counterpart:

In MSAL.NET, broker support is enabled on a per-PublicClientApplication basis.

Use the WithBroker() parameter (which is set to true by default) to call the broker:

var app = PublicClientApplicationBuilder
                .Create(ClientId)
                .WithBroker()
                .WithRedirectUri(redirectUriOnAndroid)
                .Build();

Then, in the AcquireToken call:

result = await app.AcquireTokenInteractive(scopes)
             .WithParentActivityOrWindow(App.RootViewController)
             .ExecuteAsync();

Step 2: Set an Activity

In ADAL.NET, you passed in an activity (usually the MainActivity) as part of the PlatformParameters as shown in Step 1: Enable the broker.

MSAL.NET also uses an activity, but it's not required in regular Android usage without a broker. To use the broker, set the activity to send and receive responses from the broker.

Current ADAL code:

The activity is passed into the PlatformParameters in the Android-specific platform.

page.BrokerParameters = new PlatformParameters(
          this,
          true,
          PromptBehavior.SelectAccount);

MSAL counterpart:

In MSAL.NET, do two things to set the activity for Android:

  1. In MainActivity.cs, set the App.RootViewController to the MainActivity to ensure there's an activity with the call to the broker.

    If it's not set correctly, you may get this error: "Activity_required_for_android_broker":"Activity is null, so MSAL.NET cannot invoke the Android broker. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Leveraging-the-broker-on-iOS-and-Android"

  2. On the AcquireTokenInteractive call, use the .WithParentActivityOrWindow(App.RootViewController) and pass in the reference to the activity you will use. This example will use the MainActivity.

For example:

In App.cs:

   public static object RootViewController { get; set; }

In MainActivity.cs:

   LoadApplication(new App());
   App.RootViewController = this;

In the AcquireToken call:

result = await app.AcquireTokenInteractive(scopes)
             .WithParentActivityOrWindow(App.RootViewController)
             .ExecuteAsync();
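
The following is an added example, not part of the original article or of Microsoft's sample code. It combines Step 1 and Step 2 in one helper for the shared project and fails early when the activity was never assigned, rather than letting the call reach the broker and return Activity_required_for_android_broker. The class name BrokerAuth, the client ID and redirect URI placeholders, and the scope are assumptions; App.RootViewController is the property defined in App.cs above.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example: hypothetical helper, not from the original article.
public static class BrokerAuth
{
    // Placeholders: replace with the values from your own app registration.
    private const string ClientId = "<your-client-id>";
    private const string RedirectUriOnAndroid = "<your-broker-redirect-uri>";
    private static readonly string[] Scopes = { "User.Read" }; // assumed scope

    // Step 1: broker support is enabled once, on the PublicClientApplication.
    private static readonly IPublicClientApplication Pca =
        PublicClientApplicationBuilder
            .Create(ClientId)
            .WithBroker()
            .WithRedirectUri(RedirectUriOnAndroid)
            .Build();

    public static async Task<AuthenticationResult> SignInAsync()
    {
        // Try the token cache first so the user is not prompted on every call.
        var account = (await Pca.GetAccountsAsync()).FirstOrDefault();
        if (account != null)
        {
            try
            {
                return await Pca.AcquireTokenSilent(Scopes, account)
                                .ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // The cached token cannot be used; fall through to the interactive call.
            }
        }

        // Step 2: the broker needs an activity. MainActivity must already have
        // run "App.RootViewController = this;" before this method is called.
        object parent = App.RootViewController
            ?? throw new InvalidOperationException(
                "App.RootViewController is not set; assign it in MainActivity.cs.");

        return await Pca.AcquireTokenInteractive(Scopes)
                        .WithParentActivityOrWindow(parent)
                        .ExecuteAsync();
    }
}
```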

Next steps

For more information about Android-specific considerations when using MSAL.NET with Xamarin, see Configuration requirements and troubleshooting tips for Xamarin Android with MSAL.NET.