C# Can';t使用谷歌目录API管理SDK列出用户
我试图使用来管理我的域的用户和组,但我只需要一个简单的请求来获取我域的所有用户。C#中有代码: 我已按照说明启用API访问,并在域控制面板中授权了我的服务帐户:C# Can';t使用谷歌目录API管理SDK列出用户,c#,google-api,google-admin-sdk,google-api-dotnet-client,C#,Google Api,Google Admin Sdk,Google Api Dotnet Client,我试图使用来管理我的域的用户和组,但我只需要一个简单的请求来获取我域的所有用户。C#中有代码: 我已按照说明启用API访问,并在域控制面板中授权了我的服务帐户: [Security]->[Advanced Setting]->[Authentication]->[Manage third party OAuth Client access] 范围: https://www.googleapis.com/auth/admin.directory.group https://w
[Security]->[Advanced Setting]->[Authentication]->[Manage third party OAuth Client access]
范围:
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.user
API控制面板中还启用了管理SDK服务
我尝试了使用DriveService的代码,并成功地列出/创建/删除了文件,没有任何问题,因此代码的身份验证部分应该是正确的。我无法确定还需要配置什么,或者我的代码是否存在任何其他问题
感谢您的帮助。如页面所述: 管理API客户端访问 开发者可以向Google注册他们的web应用程序和其他API客户端,以便访问 谷歌服务中的数据,如日历。你可以授权这些 注册客户端访问您的用户数据,而无需您的用户单独给予同意或密码。了解更多 服务帐户需要根据用户的行为进行操作,因此在初始化客户端时,需要分配ServiceAccountUser
var provider = new AssertionFlowClient(
GoogleAuthenticationServer.Description,
new X509Certificate2(privateKeyPath, keyPassword, X509KeyStorageFlags.Exportable))
{
ServiceAccountId = serviceAccountEmail,
Scope = AdminService.Scopes.AdminDirectoryUser.GetStringValue(),
ServiceAccountUser = domainManangerEmail
};
Edit:AssertionFlowClient已被弃用,以下操作应有效:
var cert = new X509Certificate2(privateKeyPath, keyPassword, X509KeyStorageFlags.Exportable);
var serverCredential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new []{DirectoryService.Scope.AdminDirectoryUser},
User = domainManagerAccountEmail
}.FromCertificate(cert));
var dirService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = serverCredential
});
我们需要提供使用超级管理员的服务ID或正确的权限来通过此错误 希望这有帮助。
-Venu Murthy此代码对我有效
有关更多信息,请查看。 有限制和配额。为我工作
using Google.Apis.Auth.OAuth2;
using Google.Apis.Admin.Directory.directory_v1;
using Google.Apis.Admin.Directory.directory_v1.Data;
using Google.Apis.Services;
using Google.Apis.Util.Store;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace ConsoleApplication1
{
class Program
{
static string[] Scopes = { DirectoryService.Scope.AdminDirectoryUserReadonly};
static string ApplicationName = "API G Suite implementation guid by amit";
static void Main(string[] args)
{
UserCredential credential;
using (var stream =
new FileStream("client_secret.json", FileMode.Open, FileAccess.Read))
{
string credPath = System.Environment.GetFolderPath(
System.Environment.SpecialFolder.Personal);
credPath = Path.Combine(credPath, ".credentials1/admin-directory_v1-dotnet-quickstart.json");
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
Scopes,
"user",
CancellationToken.None,
new FileDataStore(credPath, true)).Result;
Console.WriteLine("Credential file saved to: " + credPath);
}
// Create Directory API service.
var service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName,
});
////// Define parameters of request.
UsersResource.ListRequest request = service.Users.List();
request.Customer = "my_customer";
request.MaxResults = 10;
request.OrderBy = UsersResource.ListRequest.OrderByEnum.Email;
////// List users.
IList<User> users = request.Execute().UsersValue;
Console.WriteLine("Users:");
if (users != null && users.Count > 0)
{
foreach (var userItem in users)
{
Console.WriteLine("{0} ({1})", userItem.PrimaryEmail,
userItem.Name.FullName);
}
}
else
{
Console.WriteLine("No users found.");
}
Console.Read();
}
}
}
使用Google.api.Auth.OAuth2;
使用Google.api.Admin.Directory.Directory_v1;
使用Google.api.Admin.Directory.Directory_v1.Data;
使用Google.api.Services;
使用Google.api.Util.Store;
使用制度;
使用System.Collections.Generic;
使用System.IO;
使用System.Linq;
使用系统文本;
使用系统线程;
使用System.Threading.Tasks;
命名空间控制台应用程序1
{
班级计划
{
静态字符串[]Scopes={DirectoryService.Scope.AdminDirectoryUserReadonly};
静态字符串ApplicationName=“API G套件实现guid by amit”;
静态void Main(字符串[]参数)
{
用户凭证;
使用(var)流=
新的文件流(“client_secret.json”、FileMode.Open、FileAccess.Read))
{
字符串credPath=System.Environment.GetFolderPath(
系统、环境、专用文件夹、个人);
credPath=Path.Combine(credPath,“.credentials1/admin-directory_v1-dotnet-quickstart.json”);
凭证=GoogleWebAuthorizationBroker.AuthorizationAsync(
GoogleClientSecrets.Load(stream.Secrets),
范围,
“用户”,
取消令牌。无,
新文件数据存储(credPath,true))。结果;
Console.WriteLine(“凭证文件保存到:”+credPath);
}
//创建目录API服务。
var service=new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer=凭证,
ApplicationName=ApplicationName,
});
//////定义请求的参数。
UsersResource.ListRequest请求=service.Users.List();
request.Customer=“我的客户”;
request.MaxResults=10;
request.OrderBy=UsersResource.ListRequest.OrderByEnum.Email;
//////列出用户。
IList users=request.Execute().UsersValue;
Console.WriteLine(“用户:”);
if(users!=null&&users.Count>0)
{
foreach(用户中的var userItem)
{
Console.WriteLine(“{0}({1})”,userItem.PrimaryEmail,
userItem.Name.FullName);
}
}
其他的
{
Console.WriteLine(“未找到用户”);
}
Console.Read();
}
}
}
这不适用于我,当我添加ServiceAccountUser(域超级用户)时,它会出错:协议异常:发送直接消息或获取响应时出错。底层oauth响应是:1f{“error”:“access_denied”}0找到了我的答案。。。需要2LO。我疯了吗?AssertionFlowClient没有安装在任何我能找到的google API的nuget安装中。我完全按照上面的操作,但得到了错误:“未经授权的\u客户端”,描述:“请求中未经授权的客户端或作用域”,Uri:“
”。。任何ideas@Ody,您是否已启用API访问并向您正在使用的帐户授予权限?
var cert = new X509Certificate2(privateKeyPath, keyPassword, X509KeyStorageFlags.Exportable);
var serverCredential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new []{DirectoryService.Scope.AdminDirectoryUser},
User = domainManagerAccountEmail
}.FromCertificate(cert));
var dirService = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = serverCredential
});
static void GettingUsers()
{
String serviceAccountEmail = "xxxxxxx@developer.gserviceaccount.com";
var certificate = new X509Certificate2(@"xxxxx.p12", "notasecret", X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { DirectoryService.Scope.AdminDirectoryUser},
User = "your USER",
}.FromCertificate(certificate));
var service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "name of your app",
});
var listReq = service.Users.List();
listReq.Domain = "your domain";
Users allUsers = listReq.Execute();
int counter = 0;
foreach(User myUser in allUsers.UsersValue){
Console.WriteLine("*" + myUser.PrimaryEmail);
counter++;
}
Console.WriteLine(counter);
Console.ReadKey();
using Google.Apis.Auth.OAuth2;
using Google.Apis.Admin.Directory.directory_v1;
using Google.Apis.Admin.Directory.directory_v1.Data;
using Google.Apis.Services;
using Google.Apis.Util.Store;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
namespace ConsoleApplication1
{
class Program
{
static string[] Scopes = { DirectoryService.Scope.AdminDirectoryUserReadonly};
static string ApplicationName = "API G Suite implementation guid by amit";
static void Main(string[] args)
{
UserCredential credential;
using (var stream =
new FileStream("client_secret.json", FileMode.Open, FileAccess.Read))
{
string credPath = System.Environment.GetFolderPath(
System.Environment.SpecialFolder.Personal);
credPath = Path.Combine(credPath, ".credentials1/admin-directory_v1-dotnet-quickstart.json");
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
Scopes,
"user",
CancellationToken.None,
new FileDataStore(credPath, true)).Result;
Console.WriteLine("Credential file saved to: " + credPath);
}
// Create Directory API service.
var service = new DirectoryService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = ApplicationName,
});
////// Define parameters of request.
UsersResource.ListRequest request = service.Users.List();
request.Customer = "my_customer";
request.MaxResults = 10;
request.OrderBy = UsersResource.ListRequest.OrderByEnum.Email;
////// List users.
IList<User> users = request.Execute().UsersValue;
Console.WriteLine("Users:");
if (users != null && users.Count > 0)
{
foreach (var userItem in users)
{
Console.WriteLine("{0} ({1})", userItem.PrimaryEmail,
userItem.Name.FullName);
}
}
else
{
Console.WriteLine("No users found.");
}
Console.Read();
}
}
}