C#: Unable to update an Azure AD password using the Microsoft Graph API
Below is the PATCH request I use to update a user's password:
// Requires: using System; using RestSharp;
var token = TokenHelper.GetToken().AccessToken;
// Escape the UPN so characters such as '#' cannot change the request path.
var client = new RestClient("https://graph.microsoft.com/v1.0/users/" + Uri.EscapeDataString(person.UserPrincipalName));
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer " + token);
// Serialize the body instead of concatenating strings, so quotes or backslashes in the password cannot break the JSON.
request.AddJsonBody(new { passwordProfile = new { password = person.NewPassword } });
IRestResponse response = client.Execute(request);
If I type a complex password, I get:
{
    "error": {
        "code": "Request_BadRequest",
        "message": "One or more properties contains invalid values.",
        "innerError": {
            "request-id": "5d97b465-7b27-4328-b0d9-4e9112f2257e",
            "date": "2020-01-03T16:57:35"
        }
    }
}
If I type a simple password, I get:
{
    "error": {
        "code": "Request_BadRequest",
        "message": "The specified password does not comply with password complexity requirements. Please provide a different password.",
        "innerError": {
            "request-id": "986fd0da-90d4-45c7-ba74-1ba2bec61956",
            "date": "2020-01-03T17:05:15"
        }
    }
}
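If I don't enter a password, the response is 204 No Content (success), and if I update other fields (i.e. mobileNumber), it works fine.
To change a user's password, you need to authenticate using either the Authorization Code or Implicit OAuth grant. In addition, you need to request the delegated scope Directory.AccessAsUser.All.
From:
When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All
You should also set forceChangePasswordNextSignIn to true.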
Sorry, I should have included this: my application is authorized for access to Directory.AccessAsUser.All, User.Read and User.ReadWrite, and has application access to User.ReadWrite.All.
TokenHelper creates the OAuth2 code via var client = new RestClient("https://login.microsoftonline.com/company/oauth2/v2.0/token");
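That looks like client credentials, not authorization code. A token cannot have both application and delegated scopes. It is one or the other, depending on the OAuth grant you use.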
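A diagnostic check for the point made in the last reply, added here as an example (it is not code from the thread): it decodes an access token's payload and reports whether the token is a delegated one carrying Directory.AccessAsUser.All. It assumes the standard Microsoft identity platform claims (`scp` for delegated scopes, `roles` for application permissions); `GraphTokenInspector`, `Sample` and the two sample tokens are hypothetical, constructed names and values.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

// Hypothetical diagnostic helper (not part of TokenHelper, RestSharp or any Microsoft SDK).
public static class GraphTokenInspector
{
    public enum TokenKind { Delegated, AppOnly, Unknown }

    // Decodes the JWT payload WITHOUT verifying the signature: for diagnostics only.
    public static JsonElement DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected a 3-segment compact JWT.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');         // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='); // restore padding
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone();
    }

    // Delegated tokens carry "scp" (space-separated scopes); app-only tokens carry "roles" (array).
    public static TokenKind Classify(JsonElement p) =>
        p.TryGetProperty("scp", out var s) && s.ValueKind == JsonValueKind.String ? TokenKind.Delegated
        : p.TryGetProperty("roles", out var r) && r.ValueKind == JsonValueKind.Array ? TokenKind.AppOnly
        : TokenKind.Unknown;

    public static bool CanUpdatePasswordProfile(string jwt)
    {
        var p = DecodePayload(jwt);
        return Classify(p) == TokenKind.Delegated &&
               p.GetProperty("scp").GetString()
                .Split(' ', StringSplitOptions.RemoveEmptyEntries)
                .Contains("Directory.AccessAsUser.All", StringComparer.OrdinalIgnoreCase);
    }

    // Builds an unsigned, constructed sample token for the demo below.
    static string Sample(string payloadJson) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson))
                        .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    public static void Main()
    {
        var appOnly = Sample("{\"roles\":[\"User.ReadWrite.All\"]}");                 // constructed: client credentials
        var delegated = Sample("{\"scp\":\"Directory.AccessAsUser.All User.Read\"}"); // constructed: authorization code
        Console.WriteLine(CanUpdatePasswordProfile(appOnly));
        Console.WriteLine(CanUpdatePasswordProfile(delegated));
    }
}
```

Running the check on the token returned by the token helper before sending the PATCH shows which grant actually produced it, independent of which permissions are configured on the app registration.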