將.NET應用程序的ArcGIS MAPS SDK遷移到新的身份驗證系統

2024年，ArcGIS MAPS SDK為.NET團隊引入了對身份驗證API的重大更改，作為長期努力的一部分，以簡化

In 2024, the ArcGIS Maps SDK for .NET team introduced significant changes to authentication APIs as part of a long-term effort to simplify and align the .NET Maps SDK with other Native Maps SDKs. This transition also involved deprecating older APIs to streamline development and maintain compatibility with the broader ArcGIS Platform.

2024年，ArcGIS MAPS SDK的.NET團隊對身份驗證API進行了重大更改，這是長期努力的一部分，以簡化和對齊.NET MAPS SDK與其他本機映射SDK。這種過渡還涉及將較舊的API貶低以簡化與更廣泛的ArcGIS平台的兼容性。

This blog post will guide you through this transition, highlighting new capabilities, outlining clear paths from deprecated APIs, and providing practical code examples to help you implement these changes quickly and confidently.

這篇博客文章將指導您完成此過渡，突出新功能，概述不棄用API的清晰路徑，並提供實用的代碼示例，以幫助您快速，自信地實施這些更改。

New Credential Types

新的憑證類型

Let’s start by exploring the new credential types that form the foundation of the updated authentication system.

首先，讓我們探索構成更新的身份驗證系統基礎的新憑證類型。

OAuthUserCredential (200.6+)

Oauthusercredential（200.6+）

This replaces OAuthTokenCredentials of type OAuthAuthorizationCode.

這取代了OauthauthorizationCode類型的Oauthtokencredentials。

OAuthUserCredential implements user authentication using OAuth “authorization code” flow with PKCE. This is the recommended approach for authenticating end users, providing extra security compared to other methods.

Oauthusercredential使用PKCE使用OAUTH“授權代碼”流實現用戶身份驗證。這是對最終用戶進行身份驗證的建議方法，與其他方法相比，提供了額外的安全性。

When a user signs in to your application with their ArcGIS account, a token is generated that authorizes your app to access services and content on behalf of the user. The available resources and functionality depend on the user’s ArcGIS account type, roles, and privileges.

當用戶使用其ArcGIS帳戶登錄您的應用程序時，生成了一個令牌，該令牌授權您的應用代表用戶訪問服務和內容。可用的資源和功能取決於用戶的ArcGIS帳戶類型，角色和特權。

To implement this authentication flow, you need to:

要實現此身份驗證流，您需要：

Our Access services with OAuth credentials tutorial provides a complete implementation example.

我們使用OAuth憑據教程的訪問服務提供了一個完整的實施示例。

OAuthAppCredential (200.5+)

Oauthappcredential（200.5+）

This replaces OAuthTokenCredentials of type OAuthClientCredentials.

這取代了oauthclientcredentials類型的Oauthtokencredentials。

OAuthApplicationCredential implements app authentication using OAuth “client credentials” flow. Use this to create applications that do not require users to sign in, but still need access to token-secured resources and services.

OAuthApplicationCredential使用OAuth“客戶端憑據”流進行應用程序身份驗證。使用此功能創建不需要用戶登錄的應用程序，但仍需要訪問令牌保存的資源和服務。

With this approach, requests are made using the credits and privileges associated with your app’s account rather than an individual user’s account. An app credential is created from a client ID and client secret that have been pre-registered with the portal.

使用這種方法，請使用與應用程序帳戶相關的信用和特權提出請求，而不是單個用戶的帳戶。由已通過門戶進行預註冊的客戶端ID和客戶端秘密創建APP憑據。

The client secret should be treated as confidential information since it allows direct billing to your developer account. This authentication method is intended for secure environments where credentials cannot be easily exposed to end users. Never include your client secret in publicly distributed applications.

客戶秘密應被視為機密信息，因為它允許直接向您的開發人員帳戶賬單。這種身份驗證方法旨在適用於無法輕易暴露於最終用戶的安全環境。切勿將您的客戶秘密包括在公開分佈式應用程序中。

AccessTokenCredential (200.6+)

AccessTokenCredential（200.6+）

This replaces ArcGISTokenCredentials created by GenerateCredentialAsync.

這取代了generateCredentialAsync創建的Arcgistokencredentials。

AccessTokenCredential provides an access token for secured ArcGIS content and services. You can obtain this token in several ways:

AccessTokenCredential為有安全的ArcGIS內容和服務提供了訪問令牌。您可以通過幾種方式獲得這個令牌：

Our ArcGIS token challenge sample shows how to create this credential in response to an authentication challenge. You can also create and add a credential to the AuthenticationManager before accessing secured services.

我們的ArcGIS代幣挑戰樣本顯示瞭如何根據身份驗證挑戰來創建此證書。您還可以在訪問有擔保服務之前在AuthenticationManager中創建並添加憑據。

PregeneratedTokenCredential (200.5+)

前生物列（200.5+）

This replaces ArcGISTokenCredentials created by the token-string constructor.

這取代了令牌弦構建器創建的Arcgistokencredentials。

PregeneratedTokenCredential accesses token-secured ArcGIS content and services using an independently generated token. This credential type gives you flexibility when integrating with custom authentication systems. Use it when you:

使用獨立生成的代幣，PregeneratedTokencreDential訪問令牌扣除的ArcGIS內容和服務。與自定義身份驗證系統集成時，這種憑證類型為您提供了靈活性。當您使用它：

New Supporting APIs

新的支持API

Beyond the credential types themselves, several supporting APIs have been added to enhance flexibility and control.

除了憑據類型本身之外，還添加了幾種支持API，以增強靈活性和控制。

Server Certificate Validation (200.6+)

服務器證書驗證（200.6+）

When working with HTTPS services, you can now customize how SSL/TLS certificates are validated. Specify a custom callback when configuring HTTP settings to examine all SSL connections made by the Maps SDK.

使用HTTPS服務時，您現在可以自定義如何驗證SSL/TLS證書。在配置HTTP設置以檢查MAPS SDK製作的所有SSL連接時，請指定自定義回調。

Server certificates are usually validated by the operating system using default policies and known Certificate Authorities, but your own validator can accept or reject connections based on custom criteria. For example:

服務器證書通常通過操作系統使用默認策略和已知證書機構驗證，但是您自己的驗證器可以根據自定義標準接受或拒絕連接。例如：

The callback uses the standard .NET RemoteCertificateValidationCallback signature. For more information including code examples, see Microsoft’s guide to custom X509Certificate validation.

回調使用標準.NET remoteCertificateValidationCallback簽名。有關代碼示例在內的更多信息，請參見Microsoft的自定義X509Certificate驗證指南。

IHttpMessageInterceptor (200.5+)

ihttpmessageInterceptor（200.5+）

The new IHttpMessageInterceptor interface allows you to monitor, modify, or even mock HTTP requests and responses. This powerful capability can be configured globally when configuring HTTP settings on startup. Common use cases include:

新的IHTTPMessageInterceptor接口使您可以監視，修改甚至模擬HTTP請求和響應。在啟動時配置HTTP設置時，可以在全球配置此功能強大的功能。常見用例包括：

Logging and Diagnostics: Log request and response details for monitoring and debugging:

記錄和診斷：日誌請求和響應詳細信息，用於監視和調試：

import logging

導入記錄

logger = logging.getLogger(__name__)

logger = logging.getLogger（__名稱__）

class MessageInterceptor(IHttpMessageInterceptor):

類MessageInterceptor（IHTTPMESSAGEINTERCEPTOR）：

"""Logs request and response details to the console."""

“”“日誌請求和響應詳細信息對控制台。”“”

def OnRequest(self, request, cancellationToken):

def onRequest（自我，請求，取消token）：

"""Called before a request is sent."""

“”“在發送請求之前打電話。”“”

logger.info(f"Request: {request.Method} {request.RequestUri}")

logger.info（f“請求：{request.method} {request.requesturi}”）

for header in request.Headers:

對於請求中的標題。

logger.info(f" Header: {header}")

logger.info（f“標頭：{header}”）

async def main():

異步def main（）：

"""Main function to configure and run the message interceptor."""

“”“要配置和運行消息攔截器的主要功能。”“”

message_interceptor = MessageInterceptor()

Message_interceptor = MessageInterceptor（）

http_settings = HttpSettings.Builder().AddMessageInterceptor(message_interceptor).Build()

http_settings = httpsettings.builder（）。

async with AuthenticationManager.CreateInstanceAsync(credentials, http_settings) as auth_manager:

帶有AuthenticationManager.CreateinStanceAsync（憑據，http_settings）的異步

user = await ArcGISUser.CurrentUserAsync(auth_manager)

user =等待arcgisuser.currentuserasync（auth_manager）

logger.info(f"Logged in as: {user.Username}")

logger.info（f“登錄as：{user.username}”）

if __name__ == "__main__":

如果__name__ ==“ __ -main __”：

logging.basicConfig(level=logging.INFO, format='%(asctime

loggging.basicconfig（level = logging.info，格式='％（asctime