将.NET应用程序的ArcGIS MAPS SDK迁移到新的身份验证系统

2024年，ArcGIS MAPS SDK为.NET团队引入了对身份验证API的重大更改，作为长期努力的一部分，以简化

In 2024, the ArcGIS Maps SDK for .NET team introduced significant changes to authentication APIs as part of a long-term effort to simplify and align the .NET Maps SDK with other Native Maps SDKs. This transition also involved deprecating older APIs to streamline development and maintain compatibility with the broader ArcGIS Platform.

2024年，ArcGIS MAPS SDK的.NET团队对身份验证API进行了重大更改，这是长期努力的一部分，以简化和对齐.NET MAPS SDK与其他本机映射SDK。这种过渡还涉及将较旧的API贬低以简化与更广泛的ArcGIS平台的兼容性。

This blog post will guide you through this transition, highlighting new capabilities, outlining clear paths from deprecated APIs, and providing practical code examples to help you implement these changes quickly and confidently.

这篇博客文章将指导您完成此过渡，突出新功能，概述不弃用API的清晰路径，并提供实用的代码示例，以帮助您快速，自信地实施这些更改。

New Credential Types

新的凭证类型

Let’s start by exploring the new credential types that form the foundation of the updated authentication system.

首先，让我们探索构成更新的身份验证系统基础的新凭证类型。

OAuthUserCredential (200.6+)

Oauthusercredential（200.6+）

This replaces OAuthTokenCredentials of type OAuthAuthorizationCode.

这取代了OauthauthorizationCode类型的Oauthtokencredentials。

OAuthUserCredential implements user authentication using OAuth “authorization code” flow with PKCE. This is the recommended approach for authenticating end users, providing extra security compared to other methods.

Oauthusercredential使用PKCE使用OAUTH“授权代码”流实现用户身份验证。这是对最终用户进行身份验证的建议方法，与其他方法相比，提供了额外的安全性。

When a user signs in to your application with their ArcGIS account, a token is generated that authorizes your app to access services and content on behalf of the user. The available resources and functionality depend on the user’s ArcGIS account type, roles, and privileges.

当用户使用其ArcGIS帐户登录您的应用程序时，生成了一个令牌，该令牌授权您的应用代表用户访问服务和内容。可用的资源和功能取决于用户的ArcGIS帐户类型，角色和特权。

To implement this authentication flow, you need to:

要实现此身份验证流，您需要：

Our Access services with OAuth credentials tutorial provides a complete implementation example.

我们使用OAuth凭据教程的访问服务提供了一个完整的实施示例。

OAuthAppCredential (200.5+)

Oauthappcredential（200.5+）

This replaces OAuthTokenCredentials of type OAuthClientCredentials.

这取代了oauthclientcredentials类型的Oauthtokencredentials。

OAuthApplicationCredential implements app authentication using OAuth “client credentials” flow. Use this to create applications that do not require users to sign in, but still need access to token-secured resources and services.

OAuthApplicationCredential使用OAuth“客户端凭据”流进行应用程序身份验证。使用此功能创建不需要用户登录的应用程序，但仍需要访问令牌保存的资源和服务。

With this approach, requests are made using the credits and privileges associated with your app’s account rather than an individual user’s account. An app credential is created from a client ID and client secret that have been pre-registered with the portal.

使用这种方法，请使用与应用程序帐户相关的信用和特权提出请求，而不是单个用户的帐户。由已通过门户进行预注册的客户端ID和客户端秘密创建APP凭据。

The client secret should be treated as confidential information since it allows direct billing to your developer account. This authentication method is intended for secure environments where credentials cannot be easily exposed to end users. Never include your client secret in publicly distributed applications.

客户秘密应被视为机密信息，因为它允许直接向您的开发人员帐户账单。这种身份验证方法旨在适用于无法轻易暴露于最终用户的安全环境。切勿将您的客户秘密包括在公开分布式应用程序中。

AccessTokenCredential (200.6+)

AccessTokenCredential（200.6+）

This replaces ArcGISTokenCredentials created by GenerateCredentialAsync.

这取代了generateCredentialAsync创建的Arcgistokencredentials。

AccessTokenCredential provides an access token for secured ArcGIS content and services. You can obtain this token in several ways:

AccessTokenCredential为有安全的ArcGIS内容和服务提供了访问令牌。您可以通过几种方式获得这个令牌：

Our ArcGIS token challenge sample shows how to create this credential in response to an authentication challenge. You can also create and add a credential to the AuthenticationManager before accessing secured services.

我们的ArcGIS代币挑战样本显示了如何根据身份验证挑战来创建此证书。您还可以在访问有担保服务之前在AuthenticationManager中创建并添加凭据。

PregeneratedTokenCredential (200.5+)

前生物列（200.5+）

This replaces ArcGISTokenCredentials created by the token-string constructor.

这取代了令牌弦构建器创建的Arcgistokencredentials。

PregeneratedTokenCredential accesses token-secured ArcGIS content and services using an independently generated token. This credential type gives you flexibility when integrating with custom authentication systems. Use it when you:

使用独立生成的代币，PregeneratedTokencreDential访问令牌扣除的ArcGIS内容和服务。与自定义身份验证系统集成时，这种凭证类型为您提供了灵活性。当您使用它：

New Supporting APIs

新的支持API

Beyond the credential types themselves, several supporting APIs have been added to enhance flexibility and control.

除了凭据类型本身之外，还添加了几种支持API，以增强灵活性和控制。

Server Certificate Validation (200.6+)

服务器证书验证（200.6+）

When working with HTTPS services, you can now customize how SSL/TLS certificates are validated. Specify a custom callback when configuring HTTP settings to examine all SSL connections made by the Maps SDK.

使用HTTPS服务时，您现在可以自定义如何验证SSL/TLS证书。在配置HTTP设置以检查MAPS SDK制作的所有SSL连接时，请指定自定义回调。

Server certificates are usually validated by the operating system using default policies and known Certificate Authorities, but your own validator can accept or reject connections based on custom criteria. For example:

服务器证书通常通过操作系统使用默认策略和已知证书机构验证，但是您自己的验证器可以根据自定义标准接受或拒绝连接。例如：

The callback uses the standard .NET RemoteCertificateValidationCallback signature. For more information including code examples, see Microsoft’s guide to custom X509Certificate validation.

回调使用标准.NET remoteCertificateValidationCallback签名。有关代码示例在内的更多信息，请参见Microsoft的自定义X509Certificate验证指南。

IHttpMessageInterceptor (200.5+)

ihttpmessageInterceptor（200.5+）

The new IHttpMessageInterceptor interface allows you to monitor, modify, or even mock HTTP requests and responses. This powerful capability can be configured globally when configuring HTTP settings on startup. Common use cases include:

新的IHTTPMessageInterceptor接口使您可以监视，修改甚至模拟HTTP请求和响应。在启动时配置HTTP设置时，可以在全球配置此功能强大的功能。常见用例包括：

Logging and Diagnostics: Log request and response details for monitoring and debugging:

记录和诊断：日志请求和响应详细信息，用于监视和调试：

import logging

导入记录

logger = logging.getLogger(__name__)

logger = logging.getLogger（__名称__）

class MessageInterceptor(IHttpMessageInterceptor):

类MessageInterceptor（IHTTPMESSAGEINTERCEPTOR）：

"""Logs request and response details to the console."""

“”“日志请求和响应详细信息对控制台。”“”

def OnRequest(self, request, cancellationToken):

def onRequest（自我，请求，取消token）：

"""Called before a request is sent."""

“”“在发送请求之前打电话。”“”

logger.info(f"Request: {request.Method} {request.RequestUri}")

logger.info（f“请求：{request.method} {request.requesturi}”）

for header in request.Headers:

对于请求中的标题。

logger.info(f" Header: {header}")

logger.info（f“标头：{header}”）

async def main():

异步def main（）：

"""Main function to configure and run the message interceptor."""

“”“要配置和运行消息拦截器的主要功能。”“”

message_interceptor = MessageInterceptor()

Message_interceptor = MessageInterceptor（）

http_settings = HttpSettings.Builder().AddMessageInterceptor(message_interceptor).Build()

http_settings = httpsettings.builder（）。

async with AuthenticationManager.CreateInstanceAsync(credentials, http_settings) as auth_manager:

带有AuthenticationManager.CreateinStanceAsync（凭据，http_settings）的异步

user = await ArcGISUser.CurrentUserAsync(auth_manager)

user =等待arcgisuser.currentuserasync（auth_manager）

logger.info(f"Logged in as: {user.Username}")

logger.info（f“登录as：{user.username}”）

if __name__ == "__main__":

如果__name__ ==“ __ -main __”：

logging.basicConfig(level=logging.INFO, format='%(asctime

loggging.basicconfig（level = logging.info，格式='％（asctime