C# 无法使用Microsoft Graph API更新Azure AD密码_C#_Azure Active Directory_Microsoft Graph Api

C# 无法使用Microsoft Graph API更新Azure AD密码

c# azure-active-directory microsoft-graph-api

C# 无法使用Microsoft Graph API更新Azure AD密码,c#,azure-active-directory,microsoft-graph-api,C#,Azure Active Directory,Microsoft Graph Api,下面是我用于更新用户密码的补丁请求的请求 var token = TokenHelper.GetToken().AccessToken; var client = new RestClient("https://graph.microsoft.com/v1.0/users/" + person.UserPrincipalName); client.Timeout = -1; var request = new RestRequest(Method.PATCH); request.AddHeade

下面是我用于更新用户密码的

补丁

请求的请求

var token = TokenHelper.GetToken().AccessToken;
var client = new RestClient("https://graph.microsoft.com/v1.0/users/" + person.UserPrincipalName);
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer " + token);
request.AddParameter("application/json", "{\n\"passwordProfile\": {\n \"password\": \"" + person.NewPassword + "\"\n}\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

如果键入复杂密码，则会得到：

{
  "error": {
    "code": "Request_BadRequest",
    "message": "One or more properties contains invalid values.",
    "innerError": {
      "request-id": "5d97b465-7b27-4328-b0d9-4e9112f2257e",
      "date": "2020-01-03T16:57:35"
    }
  }
}

{
  "error": {
    "code": "Request_BadRequest",
    "message": "The specified password does not comply with password complexity requirements. Please provide a different password.",
    "innerError": {
      "request-id": "986fd0da-90d4-45c7-ba74-1ba2bec61956",
      "date": "2020-01-03T17:05:15"
    }
  }
}

如果我键入一个简单的密码，我会得到：

{
  "error": {
    "code": "Request_BadRequest",
    "message": "One or more properties contains invalid values.",
    "innerError": {
      "request-id": "5d97b465-7b27-4328-b0d9-4e9112f2257e",
      "date": "2020-01-03T16:57:35"
    }
  }
}

{
  "error": {
    "code": "Request_BadRequest",
    "message": "The specified password does not comply with password complexity requirements. Please provide a different password.",
    "innerError": {
      "request-id": "986fd0da-90d4-45c7-ba74-1ba2bec61956",
      "date": "2020-01-03T17:05:15"
    }
  }
}

如果我没有输入密码，我的响应是

204无内容（成功）

，如果我更新其他字段（即

mobileNumber

），它工作正常。

要更改用户密码，您需要使用授权码或隐式OAuth授权进行身份验证。此外，您需要请求委托的作用域

目录.AccessAsUser.All

。从：

更新

passwordProfile

属性时，需要以下权限：

Directory.AccessAsUser.All

您还应该将

forceChangePasswordNextSignIn

设置为

true

对不起，我应该包括以下内容：我的应用程序已授权访问：

Directory.AccessAsUser.All

User.Read

User.ReadWrite

和应用程序访问

User.ReadWrite.All

TokenHelper通过

var client=new RestClient创建OAuth2代码("https://login.microsoftonline.com/company/oauth2/v2.0/token“”；

看起来像客户端凭据，而不是授权代码。令牌不能同时具有应用程序和委托作用域。它是您使用OAuth授权时所依据的一个或另一个作用域。