Asp.net getMemberGroups“;权限不足,无法完成操作”;
我编写了一个应用程序,它应该读取用户的组。我正在使用Asp.net内核。我在azure门户内创建了一个应用程序,并授予GraphAPI的所有应用程序权限,然后单击“授予权限”按钮。然后我使用了一些类似的代码来检索用户组:Asp.net getMemberGroups“;权限不足,无法完成操作”;,asp.net,azure,azure-active-directory,microsoft-graph-api,Asp.net,Azure,Azure Active Directory,Microsoft Graph Api,我编写了一个应用程序,它应该读取用户的组。我正在使用Asp.net内核。我在azure门户内创建了一个应用程序,并授予GraphAPI的所有应用程序权限,然后单击“授予权限”按钮。然后我使用了一些类似的代码来检索用户组: public async Task<IEnumerable<string>> GetGroupIdsFromGraphApiAsync(string userId) { var groupObjectIds = new List<strin
public async Task<IEnumerable<string>> GetGroupIdsFromGraphApiAsync(string userId)
{
var groupObjectIds = new List<string>();
// Acquire the Access Token
var credential = new ClientCredential(_configHelper.ClientId, _configHelper.AppKey);
var authContext = new AuthenticationContext(_configHelper.Authority);
var result = await authContext.AcquireTokenAsync(_configHelper.GraphResourceId, credential);
var accessToken = result.AccessToken;
var requestUrl =
$"{_configHelper.GraphResourceId}/{_configHelper.Domain}/users/{userId}/getMemberGroups?api-version=1.6";
// Prepare and Make the POST request
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var content = new StringContent("{\"securityEnabledOnly\":false}");
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
request.Content = content;
var response = await client.SendAsync(request);
// Endpoint returns JSON with an array of Group ObjectIDs
if (response.IsSuccessStatusCode)
{
var responseContent = await response.Content.ReadAsStringAsync();
var groupsResult = (Json.Decode(responseContent)).value;
foreach (string groupObjectId in groupsResult)
groupObjectIds.Add(groupObjectId);
}
else
{
var responseContent = await response.Content.ReadAsStringAsync();
throw new WebException(responseContent);
}
return groupObjectIds;
}
应用程序无法查询此信息的广告吗?根据您的代码,您正在进行Azure AD graph api调用,然后需要授予Microsoft Azure Active Directory(Azure AD graph api)的权限
是Azure AD Graph APi的端点,在Azure门户中,名称为
Windows Azure Active Directory
。是Microsoft Graph api的端点,在azure portal中名称为Microsoft Graph
configHelper.GraphResourceId的值是多少。似乎您正在使用azure ad graph api,是否授予azure portal中的Windows azure Active Directory(azure ad graph api)权限?\u configHelper.GraphResourceId
为https://graph.windows.net
那么,在azure门户中,您向哪个门户授予权限?Azure Active Directory还是Microsoft Graph?哪种应用程序权限?我添加了Microsoft Graph应用程序权限,但现在在添加Azure Active Directory权限后,它可以工作了。。。为什么呢?我以为使用graph.windows.net会映射到Microsoft graph,而不是AAD…请查看我的答案。
{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}