问更改用户密码以使用Azure Graph

EN

 private OpenIdConnectAuthenticationOptions CreateOptionsFromPolicy(string policy)
    {
        return new OpenIdConnectAuthenticationOptions
        {
            // For each policy, give OWIN the policy-specific metadata address, and
            // set the authentication type to the id of the policy
            // meta data
            MetadataAddress = "https://login.microsoftonline.com/" + "mytenant" + "/v2.0/.well-known/openid-configuration?p=" + policy,
            AuthenticationType = policy,

            // These are standard OpenID Connect parameters, with values pulled from web.config
            ClientId = AzureAdConfig.ClientId,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthorizationCodeReceived = OnAuthorizationCodeReceived,
                AuthenticationFailed = OnAuthenticationFailed,
                SecurityTokenValidated = OnSecurityTokenValidated,
                RedirectToIdentityProvider = OnRedirectToIdentityProvider,
            },
            Scope = "openid",
            ResponseType = "id_token",

            // This piece is optional - it is used for displaying the user's name in the navigation bar.
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
            }
        };
    }

 public async Task<HttpResponseMessage> ChangePassword(string currentPassword, string newPassword)
    {
        string userId = ClaimValues.ObjectIdentifier();
        var adUser = _activeDirectoryClient.Users
            .Where(u => u.ObjectId.Equals(userId))
            .ExecuteAsync().Result.CurrentPage.FirstOrDefault();

        string upn = adUser.UserPrincipalName;
        var client = new HttpClient();
        string uriString = "https://login.microsoftonline.com/"+ AzureAdConfig.Tenant + "/oauth2/token";
        Uri requestUri = new Uri(uriString);
        string requestString = "resource=https%3a%2f%2fgraph.windows.net&client_id=" + AzureAdConfig.AppId + "&grant_type=password&username=" + upn + "&password=" + currentPassword + "&client_secret=" + AzureAdConfig.AppKey;
        var tokenResult = await client.PostAsync(requestUri, new StringContent(requestString, Encoding.UTF8, "application/x-www-form-urlencoded"));
        if (tokenResult.IsSuccessStatusCode)
        {
            var stringResult = await tokenResult.Content.ReadAsStringAsync();
            GraphApiTokenResult objectResult = JsonConvert.DeserializeObject<GraphApiTokenResult>(stringResult);
            client = new HttpClient();
            string requestUrl = AzureAdConfig.GraphResourceId + AzureAdConfig.Tenant + "/me/changePassword?" + AzureAdConfig.GraphVersion;
            Uri graphUri = new Uri(requestUrl);
            client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", objectResult.access_token);
            requestString = JsonConvert.SerializeObject(new
            {
                currentPassword = currentPassword,
                newPassword = newPassword
            });
            var response = await client.PostAsync(graphUri, new StringContent(requestString, Encoding.UTF8, "application/json"));
            return response;
        }
        else
        {
            return tokenResult;
        }
    }