C# &引用;权限不足,无法完成操作“;,尽管授予了所有必要的权限
我能够从服务器检索身份验证令牌,并通过AAD授予了所有权限,但我仍然面临同样的问题。 如果有人能帮我,那就太好了。 我正在使用Microsoft Graph API 下面是我正在使用的代码C# &引用;权限不足,无法完成操作“;,尽管授予了所有必要的权限,c#,api,azure-active-directory,microsoft-graph-api,C#,Api,Azure Active Directory,Microsoft Graph Api,我能够从服务器检索身份验证令牌,并通过AAD授予了所有权限,但我仍然面临同样的问题。 如果有人能帮我,那就太好了。 我正在使用Microsoft Graph API 下面是我正在使用的代码 {"odata.error":{"code":"Authorization_RequestDenied", "message": {"lang":"en","value":"Insufficient privileges to complete the operation."}, "requestId":"b
{"odata.error":{"code":"Authorization_RequestDenied",
"message":
{"lang":"en","value":"Insufficient privileges to complete the operation."},
"requestId":"b205e5d0-f929-418e-9153-f1994e2c0893",
"date":"2020-02-15T06:53:57"}
}
private const string clientID=“XXXX”;
私有常量字符串附加实例=”https://login.microsoftonline.com/{0}";
private const string tenant=“XYZ”;
私有常量字符串资源=”https://graph.windows.net";
私有常量字符串appKey=“appKey”;
静态字符串权限=string.Format(CultureInfo.InvariantCulture、addInstance、tenant);
私有静态HttpClient HttpClient=新HttpClient();
私有静态身份验证上下文=null;
private static ClientCredential credential=null;
静态void Main(字符串[]参数)
{
上下文=新的AuthenticationContext(授权);
凭证=新的ClientCredential(clientID,appKey);
任务令牌=GetToken();
token.Wait();
Console.WriteLine(token.Result);
任务用户=GetUsers(token.Result);
users.Wait();
Console.WriteLine(users.Result);
//Console.ReadLine();
}
私有静态异步任务GetUsers(字符串结果)
{
字符串用户=null;
字符串queryString=“api版本=1.6”;
var uri=”https://graph.windows.net/ *与租户关联的Microsoft 365帐户*/用户?+queryString;
httpclient.DefaultRequestHeaders.Authorization=新的AuthenticationHeaderValue(“承载者”,结果);
var getResult=await-httpclient.GetAsync(uri);
if(getResult!=null)
{
users=wait getResult.Content.ReadAsStringAsync();
}
返回用户;
}
私有静态异步任务GetToken()
{
AuthenticationResult=null;
字符串标记=null;
结果=等待上下文。AcquireTokenAsync(资源、凭证);
token=result.AccessToken;
返回令牌;
}
}
我尝试了下面的方法,并且非常适合我
private const string clientID = "XXXX";
private const string addInstance = "https://login.microsoftonline.com/{0}";
private const string tenant = "XYZ";
private const string resource = "https://graph.windows.net";
private const string appKey = "appkey";
static string authority = String.Format(CultureInfo.InvariantCulture, addInstance, tenant);
private static HttpClient httpclient = new HttpClient();
private static AuthenticationContext context = null;
private static ClientCredential credential = null;
static void Main(string[] args)
{
context = new AuthenticationContext(authority);
credential = new ClientCredential(clientID,appKey);
Task<string> token = GetToken();
token.Wait();
Console.WriteLine(token.Result);
Task<string> users = GetUsers(token.Result);
users.Wait();
Console.WriteLine(users.Result);
//Console.ReadLine();
}
private static async Task<string> GetUsers(string result)
{
string users = null;
string queryString = "api-version=1.6";
var uri = "https://graph.windows.net/ *The Microsoft 365 account assosciated with the tenant* /users?"+ queryString;
httpclient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result);
var getResult = await httpclient.GetAsync(uri);
if (getResult != null)
{
users = await getResult.Content.ReadAsStringAsync();
}
return users;
}
private static async Task<string> GetToken()
{
AuthenticationResult result = null;
string token = null;
result = await context.AcquireTokenAsync(resource, credential);
token = result.AccessToken;
return token;
}
}
我得到了预期的用户列表。请看屏幕截图
验证您的令牌:
检查您的令牌,该令牌应具有User.ReadWrite.All
或User.Read.All
应用程序权限
注意:
您应该对Azure Active Directory图形具有以下权限
有关更多信息,请参阅
希望这会有所帮助 我已经尝试过这样做,并且非常适合我
private const string clientID = "XXXX";
private const string addInstance = "https://login.microsoftonline.com/{0}";
private const string tenant = "XYZ";
private const string resource = "https://graph.windows.net";
private const string appKey = "appkey";
static string authority = String.Format(CultureInfo.InvariantCulture, addInstance, tenant);
private static HttpClient httpclient = new HttpClient();
private static AuthenticationContext context = null;
private static ClientCredential credential = null;
static void Main(string[] args)
{
context = new AuthenticationContext(authority);
credential = new ClientCredential(clientID,appKey);
Task<string> token = GetToken();
token.Wait();
Console.WriteLine(token.Result);
Task<string> users = GetUsers(token.Result);
users.Wait();
Console.WriteLine(users.Result);
//Console.ReadLine();
}
private static async Task<string> GetUsers(string result)
{
string users = null;
string queryString = "api-version=1.6";
var uri = "https://graph.windows.net/ *The Microsoft 365 account assosciated with the tenant* /users?"+ queryString;
httpclient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result);
var getResult = await httpclient.GetAsync(uri);
if (getResult != null)
{
users = await getResult.Content.ReadAsStringAsync();
}
return users;
}
private static async Task<string> GetToken()
{
AuthenticationResult result = null;
string token = null;
result = await context.AcquireTokenAsync(resource, credential);
token = result.AccessToken;
return token;
}
}
我得到了预期的用户列表。请看屏幕截图
验证您的令牌:
检查您的令牌,该令牌应具有User.ReadWrite.All
或User.Read.All
应用程序权限
注意:
您应该对Azure Active Directory图形具有以下权限
有关更多信息,请参阅
希望这会有所帮助 共享您的令牌请求代码,以及您尝试使用的
graph API
将有助于解决问题。我添加了代码,希望它有助于分析问题。您是否拥有User.ReadWrite.All
或User.Read.All
权限?并确保您已单击Grant admin approve
另外检查您的令牌,以确认它在那里具有所需的权限。权限已授予,并且令牌已在您提供的链接上验证(签名已验证)。共享您的令牌请求代码,以及您尝试使用的graph API
将有助于解决问题。我已添加了代码,希望它有助于分析问题。您是否拥有User.ReadWrite.All
或User.Read.All
权限?并确保您已单击授予管理员许可
另外检查您的令牌,以确认其具有所需的权限。已授予权限,并且已在您提供的链接上验证令牌(签名已验证)。