Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/307.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/search/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# &引用;权限不足,无法完成操作“;,尽管授予了所有必要的权限_C#_Api_Azure Active Directory_Microsoft Graph Api - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# &引用;权限不足,无法完成操作“;,尽管授予了所有必要的权限

C# &引用;权限不足,无法完成操作“;,尽管授予了所有必要的权限

c# api azure-active-directory microsoft-graph-api

C# &引用;权限不足,无法完成操作“;,尽管授予了所有必要的权限,c#,api,azure-active-directory,microsoft-graph-api,C#,Api,Azure Active Directory,Microsoft Graph Api,我能够从服务器检索身份验证令牌,并通过AAD授予了所有权限,但我仍然面临同样的问题。 如果有人能帮我,那就太好了。 我正在使用Microsoft Graph API 下面是我正在使用的代码 {"odata.error":{"code":"Authorization_RequestDenied", "message": {"lang":"en","value":"Insufficient privileges to complete the operation."}, "requestId":"b

我能够从服务器检索身份验证令牌,并通过AAD授予了所有权限,但我仍然面临同样的问题。 如果有人能帮我,那就太好了。 我正在使用Microsoft Graph API

下面是我正在使用的代码

{"odata.error":{"code":"Authorization_RequestDenied",
"message":
{"lang":"en","value":"Insufficient privileges to complete the operation."},
"requestId":"b205e5d0-f929-418e-9153-f1994e2c0893",
"date":"2020-02-15T06:53:57"}
}

private const string clientID=“XXXX”;
私有常量字符串附加实例=”https://login.microsoftonline.com/{0}";
private const string tenant=“XYZ”;
私有常量字符串资源=”https://graph.windows.net";
私有常量字符串appKey=“appKey”;
静态字符串权限=string.Format(CultureInfo.InvariantCulture、addInstance、tenant);
私有静态HttpClient HttpClient=新HttpClient();
私有静态身份验证上下文=null;
private static ClientCredential credential=null;
静态void Main(字符串[]参数)
{
上下文=新的AuthenticationContext(授权);
凭证=新的ClientCredential(clientID,appKey);
任务令牌=GetToken();
token.Wait();
Console.WriteLine(token.Result);
任务用户=GetUsers(token.Result);
users.Wait();
Console.WriteLine(users.Result);
//Console.ReadLine();
}
私有静态异步任务GetUsers(字符串结果)
{
字符串用户=null;
字符串queryString=“api版本=1.6”;
var uri=”https://graph.windows.net/ *与租户关联的Microsoft 365帐户*/用户?+queryString;
httpclient.DefaultRequestHeaders.Authorization=新的AuthenticationHeaderValue(“承载者”,结果);
var getResult=await-httpclient.GetAsync(uri);
if(getResult!=null)
{
users=wait getResult.Content.ReadAsStringAsync();
}
返回用户;
}
私有静态异步任务GetToken()
{
AuthenticationResult=null;
字符串标记=null;
结果=等待上下文。AcquireTokenAsync(资源、凭证);
token=result.AccessToken;
返回令牌;
}
}
我尝试了下面的方法,并且非常适合我

private const string clientID = "XXXX";
        private const string addInstance = "https://login.microsoftonline.com/{0}";
        private const string tenant = "XYZ";
        private const string resource = "https://graph.windows.net";
        private const string appKey = "appkey";
        static string authority = String.Format(CultureInfo.InvariantCulture, addInstance, tenant);

        private static HttpClient httpclient = new HttpClient();
        private static AuthenticationContext context = null;
        private static ClientCredential credential = null;


        static void Main(string[] args)
        {
            context = new AuthenticationContext(authority);
            credential = new ClientCredential(clientID,appKey);

            Task<string> token = GetToken();
            token.Wait();
            Console.WriteLine(token.Result);

            Task<string> users = GetUsers(token.Result);
            users.Wait();
            Console.WriteLine(users.Result);
            //Console.ReadLine();
        }

        private static async Task<string> GetUsers(string result)
        {
            string users = null;
            string queryString = "api-version=1.6";
            var uri = "https://graph.windows.net/ *The Microsoft 365 account assosciated with the tenant* /users?"+ queryString;
            httpclient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result);
            var getResult = await httpclient.GetAsync(uri);
            if (getResult != null)
            {
                users = await getResult.Content.ReadAsStringAsync();
            }
            return users;
        }


        private static async Task<string> GetToken()
        {
            AuthenticationResult result = null;
            string token = null;
            result = await context.AcquireTokenAsync(resource, credential);
            token = result.AccessToken;
            return token;
        }
    }
我得到了预期的用户列表。请看屏幕截图

验证您的令牌:

检查您的令牌,该令牌应具有
User.ReadWrite.All
User.Read.All
应用程序权限

注意: 您应该对Azure Active Directory图形具有以下权限


有关更多信息,请参阅

希望这会有所帮助

我已经尝试过这样做,并且非常适合我

private const string clientID = "XXXX";
        private const string addInstance = "https://login.microsoftonline.com/{0}";
        private const string tenant = "XYZ";
        private const string resource = "https://graph.windows.net";
        private const string appKey = "appkey";
        static string authority = String.Format(CultureInfo.InvariantCulture, addInstance, tenant);

        private static HttpClient httpclient = new HttpClient();
        private static AuthenticationContext context = null;
        private static ClientCredential credential = null;


        static void Main(string[] args)
        {
            context = new AuthenticationContext(authority);
            credential = new ClientCredential(clientID,appKey);

            Task<string> token = GetToken();
            token.Wait();
            Console.WriteLine(token.Result);

            Task<string> users = GetUsers(token.Result);
            users.Wait();
            Console.WriteLine(users.Result);
            //Console.ReadLine();
        }

        private static async Task<string> GetUsers(string result)
        {
            string users = null;
            string queryString = "api-version=1.6";
            var uri = "https://graph.windows.net/ *The Microsoft 365 account assosciated with the tenant* /users?"+ queryString;
            httpclient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result);
            var getResult = await httpclient.GetAsync(uri);
            if (getResult != null)
            {
                users = await getResult.Content.ReadAsStringAsync();
            }
            return users;
        }


        private static async Task<string> GetToken()
        {
            AuthenticationResult result = null;
            string token = null;
            result = await context.AcquireTokenAsync(resource, credential);
            token = result.AccessToken;
            return token;
        }
    }
我得到了预期的用户列表。请看屏幕截图

验证您的令牌:

检查您的令牌,该令牌应具有
User.ReadWrite.All
User.Read.All
应用程序权限

注意: 您应该对Azure Active Directory图形具有以下权限


有关更多信息,请参阅

希望这会有所帮助

共享您的令牌请求代码,以及您尝试使用的
graph API
将有助于解决问题。我添加了代码,希望它有助于分析问题。您是否拥有
User.ReadWrite.All
User.Read.All
权限?并确保您已单击
Grant admin approve
另外检查您的令牌,以确认它在那里具有所需的权限。权限已授予,并且令牌已在您提供的链接上验证(签名已验证)。共享您的令牌请求代码,以及您尝试使用的
graph API
将有助于解决问题。我已添加了代码,希望它有助于分析问题。您是否拥有
User.ReadWrite.All
User.Read.All
权限?并确保您已单击
授予管理员许可
另外检查您的令牌,以确认其具有所需的权限。已授予权限,并且已在您提供的链接上验证令牌(签名已验证)。