Azure Active Directory: Getting a Forbidden/Access Denied error from the Azure AD Graph Education API


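I am using the Graph Education API and want to get all the information about a user's profile. I am getting the following error in the response/JSON object: Forbidden, AccessDenied, "Required claim values are not provided."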

You need to grant your application the EduRoster.Read.All permission and then click the Grant admin consent button.

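Log in to the Azure portal -> click Azure Active Directory -> click App registrations (Preview) -> click your application -> click API permissions -> Add a permission -> select Application permissions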

Then click the "Grant admin consent" button.

You can decode the access token to check whether you have been granted the permission.

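My app registration settings now show these options. The application type shows "Native"? It is actually a web app. The application is deployed on one tenant and registered on another. I have admin access to the tenant where the app is registered.

@RAhulApte Sorry, what do you mean? You should register the app as a web app.

@RAhulApte You can follow my steps to add the permission to the registered application. Let me know if you need further help.

The application type setting has now been changed back to web app. I edited and ticked the EduRoster permissions on that domain and granted admin consent; still the same error.

@CaiyiJu Can anyone access all the school information through the Graph API? I mean, if I create a web app, register it in AD, get the client ID and secret, and grant the appropriate permissions, will I be able to execute get/schools and get all the school information?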

Code from the question:

    public async Task<ActionResult> GetUserDetails()
    {
        List<User> listUser = new List<User>();
        List<UserRole> userRole = new List<UserRole>();

        string clientId = configuration.GetValue<string>("AzureAd:ClientId");
        string clientSecret = configuration.GetValue<string>("AzureAd:ClientSecret");

        //var email = User.Identity.Name;

        //AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/LPExamDev.onmicrosoft.com/oauth2/token");
        AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/LPExamStaging.onmicrosoft.com/oauth2/token");
        ClientCredential creds = new ClientCredential(clientId, clientSecret);
        AuthenticationResult authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com/", creds);

        HttpClient http = new HttpClient();
        string url = $"https://graph.microsoft.com/v1.0/education/users";  // Microsoft Education Graph

        //string url = $"https://graph.microsoft.com/v1.0/users"; // Microsoft Graph // Working fine.
        ////string url = "https://graph.windows.net/LPExamStaging.onmicrosoft.com/users?api-version=1.6";

        // Append the access token for the Graph API to the Authorization header of the request by using the Bearer scheme.
        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
        HttpResponseMessage response = await http.SendAsync(request);
        var json = await response.Content.ReadAsStringAsync();
        var jsonResponse = response.ToString();
        bool responseCode = response.IsSuccessStatusCode;
        //ViewBag.userData = json;

        //SaveAPIData(json);

        if (responseCode)
        {
            SaveAPIData(json);
        }
    }