0
我寫了一個應該讀取用戶組的應用程序。我正在使用Asp.net核心。我在Azure門戶中創建了一個應用程序,併爲GraphAPI授予全部應用程序權限,並單擊授予權限按鈕。然後我用類似的一些代碼WebApp-GroupClaims-DotNet檢索用戶組:getMemberGroups「沒有足夠的權限來完成操作」
public async Task<IEnumerable<string>> GetGroupIdsFromGraphApiAsync(string userId)
{
var groupObjectIds = new List<string>();
// Acquire the Access Token
var credential = new ClientCredential(_configHelper.ClientId, _configHelper.AppKey);
var authContext = new AuthenticationContext(_configHelper.Authority);
var result = await authContext.AcquireTokenAsync(_configHelper.GraphResourceId, credential);
var accessToken = result.AccessToken;
var requestUrl =
$"{_configHelper.GraphResourceId}/{_configHelper.Domain}/users/{userId}/getMemberGroups?api-version=1.6";
// Prepare and Make the POST request
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var content = new StringContent("{\"securityEnabledOnly\":false}");
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
request.Content = content;
var response = await client.SendAsync(request);
// Endpoint returns JSON with an array of Group ObjectIDs
if (response.IsSuccessStatusCode)
{
var responseContent = await response.Content.ReadAsStringAsync();
var groupsResult = (Json.Decode(responseContent)).value;
foreach (string groupObjectId in groupsResult)
groupObjectIds.Add(groupObjectId);
}
else
{
var responseContent = await response.Content.ReadAsStringAsync();
throw new WebException(responseContent);
}
return groupObjectIds;
}
不幸的是我總是得到如下回應:
{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}
難道就沒有辦法爲一個應用程序查詢AD此信息?
'_configHelper.GraphResourceId'的值是什麼。似乎您正在使用azure廣告圖API,您是否授予Azure門戶中Windows Azure Active Directory(azure廣告圖api)的權限? –
'_configHelper.GraphResourceId'是'https:// graph.windows.net' – david
因此,在您授予許可的Azure門戶中? Azure Active Directory或Microsoft Graph?和哪個應用程序權限? –