Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/azure/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Asp.net getMemberGroups“;权限不足,无法完成操作”;_Asp.net_Azure_Azure Active Directory_Microsoft Graph Api - Fatal编程技术网
Fatal编程技术网
  • asp.net/
  • Asp.net getMemberGroups“;权限不足,无法完成操作”;

Asp.net getMemberGroups“;权限不足,无法完成操作”;

asp.net azure azure-active-directory microsoft-graph-api

Asp.net getMemberGroups“;权限不足,无法完成操作”;,asp.net,azure,azure-active-directory,microsoft-graph-api,Asp.net,Azure,Azure Active Directory,Microsoft Graph Api,我编写了一个应用程序,它应该读取用户的组。我正在使用Asp.net内核。我在azure门户内创建了一个应用程序,并授予GraphAPI的所有应用程序权限,然后单击“授予权限”按钮。然后我使用了一些类似的代码来检索用户组: public async Task<IEnumerable<string>> GetGroupIdsFromGraphApiAsync(string userId) { var groupObjectIds = new List<strin

我编写了一个应用程序,它应该读取用户的组。我正在使用Asp.net内核。我在azure门户内创建了一个应用程序,并授予GraphAPI的所有应用程序权限,然后单击“授予权限”按钮。然后我使用了一些类似的代码来检索用户组:

public async Task<IEnumerable<string>> GetGroupIdsFromGraphApiAsync(string userId)
{
    var groupObjectIds = new List<string>();

    // Acquire the Access Token
    var credential = new ClientCredential(_configHelper.ClientId, _configHelper.AppKey);
    var authContext = new AuthenticationContext(_configHelper.Authority);
    var result = await authContext.AcquireTokenAsync(_configHelper.GraphResourceId, credential);
    var accessToken = result.AccessToken;

    var requestUrl =
        $"{_configHelper.GraphResourceId}/{_configHelper.Domain}/users/{userId}/getMemberGroups?api-version=1.6";

    // Prepare and Make the POST request
    var client = new HttpClient();
    var request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
    var content = new StringContent("{\"securityEnabledOnly\":false}");
    content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
    request.Content = content;
    var response = await client.SendAsync(request);

    // Endpoint returns JSON with an array of Group ObjectIDs
    if (response.IsSuccessStatusCode)
    {
        var responseContent = await response.Content.ReadAsStringAsync();
        var groupsResult = (Json.Decode(responseContent)).value;

        foreach (string groupObjectId in groupsResult)
            groupObjectIds.Add(groupObjectId);
    }
    else
    {
        var responseContent = await response.Content.ReadAsStringAsync();
        throw new WebException(responseContent);
    }

    return groupObjectIds;
}
应用程序无法查询此信息的广告吗?

根据您的代码,您正在进行Azure AD graph api调用,然后需要授予Microsoft Azure Active Directory(Azure AD graph api)的权限

是Azure AD Graph APi的端点,在Azure门户中,名称为
Windows Azure Active Directory
。是Microsoft Graph api的端点,在azure portal中名称为
Microsoft Graph

configHelper.GraphResourceId的值是多少。似乎您正在使用azure ad graph api,是否授予azure portal中的Windows azure Active Directory(azure ad graph api)权限?
\u configHelper.GraphResourceId
https://graph.windows.net
那么,在azure门户中,您向哪个门户授予权限?Azure Active Directory还是Microsoft Graph?哪种应用程序权限?我添加了Microsoft Graph应用程序权限,但现在在添加Azure Active Directory权限后,它可以工作了。。。为什么呢?我以为使用graph.windows.net会映射到Microsoft graph,而不是AAD…请查看我的答案。 
{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}