C# I';在通过谷歌认证后,我无法更改其他用户的签名
我一直在开发一个工具,稍后我将在我的组织中使用它来管理用户的签名,我已经成功地完成了所有的应用程序,在测试期间我发现我只能更改我的签名 我认为问题在于权限和授权。我使用的是OAuth客户端ID,我在console.developers.google.com上创建了这个项目,并启用了Gmail API 以下是我的代码的重要部分:C# I';在通过谷歌认证后,我无法更改其他用户的签名,c#,google-api,gmail-api,google-api-dotnet-client,C#,Google Api,Gmail Api,Google Api Dotnet Client,我一直在开发一个工具,稍后我将在我的组织中使用它来管理用户的签名,我已经成功地完成了所有的应用程序,在测试期间我发现我只能更改我的签名 我认为问题在于权限和授权。我使用的是OAuth客户端ID,我在console.developers.google.com上创建了这个项目,并启用了Gmail API 以下是我的代码的重要部分: public async void btnAuthorize_Click(object sender, EventArgs e) { tr
public async void btnAuthorize_Click(object sender, EventArgs e)
{
try
{
updateOutput("Trying to authorize with Google", "I");
using (var stream = new FileStream("client_secrets.json", FileMode.Open, FileAccess.Read))
{
credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(
GoogleClientSecrets.Load(stream).Secrets,
new[] { GmailService.Scope.GmailSettingsBasic }, "user"
, CancellationToken.None, new FileDataStore("Gmail.Signature"));
}
updateOutput("Authorized successfully", "I");
btnUpdateSignature.Enabled = true;
}
catch (Google.GoogleApiException ex)
{
updateOutput(ex.Message, "E");
}
}
private void btnUpdateSignature_Click(object sender, EventArgs e)
{
// reading the users list one by one
// reading the signature text
// replacing the place holders with actual values
// upload the real signature text
// Create the service.
string signatureLocal = "";
string[] dataFields;
string userEmail;
int position=0;
string stat = "";
try
{
if (csvData_Arr.Length > 0)
{
foreach (string line in csvData_Arr)
{
if (position==0)
{
// skip this step, this is the header
position++;
}
else
{
dataFields = line.Split(',');
userEmail = dataFields[0];
signatureLocal = mapSignatureFields(signatureText, dataFields);
updateOutput("Updating signature for: " + userEmail, "I");
stat = updateSignature(userEmail, signatureLocal);
updateOutput(stat, "D");
if (chkGetbackSig.Checked == true)
{
updateOutput("Final signature: " + signatureLocal, "I");
}
position++;
}
}
}
}
catch (Exception ex)
{
updateOutput(ex.Message, "E");
}
}
private string updateSignature(string emailID, string signatureText)
{
SendAs sendAsObj = new SendAs();
service = new GmailService(new BaseClientService.Initializer()
{
HttpClientInitializer = credential,
ApplicationName = "Gmail API - Signature Manager",
});
try
{
sendAsObj.SendAsEmail = emailID;
sendAsObj.Signature = signatureText;
service.Users.Settings.SendAs.Patch(sendAsObj, emailID, emailID).Execute();
UsersResource.SettingsResource.SendAsResource.GetRequest sendAsRes = service.Users.Settings.SendAs.Get(emailID, emailID);
if (chkGetbackSig.Checked==true)
{
return sendAsRes.Execute().Signature.ToString();
}
return "";
}
catch (Google.GoogleApiException ex)
{
return ex.Message;
}
}
执行应用程序时,它可以成功更新我的签名,但当涉及到其他用户时,它会返回以下内容:
Google.API.Requests.RequestError中指定的用户id无效
请求/委派被拒绝[403]错误[消息[无效的用户id
在请求/委派被拒绝]位置[-]中指定
原因[禁止]域[全局]]
我有点迷茫,不知道应该在哪里以及如何让它与其他用户一起工作。我在创建项目时使用的帐户在域上具有超级管理员权限
谢谢你的帮助
编辑1:
我尝试使用服务帐户,但我做错了它似乎:
private async void button1_Click(object sender, EventArgs e)
{
string signatureLocal = "";
string[] dataFields;
string userEmail;
int position = 0;
string stat = "";
string certPath=appPath + "saKey.p12";
var cert = new X509Certificate2(certPath, "notasecret", X509KeyStorageFlags.Exportable);
string[] scopes = new string[] {GmailService.Scope.GmailSettingsBasic};
try
{
updateOutput("Trying to authorize with Google", "I");
ServiceAccountCredential cred = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer("xxx@cool-monolith-153015.iam.gserviceaccount.com")
{
Scopes = scopes
}.FromCertificate(cert));
serviceSA = new GmailService(new BaseClientService.Initializer()
{
HttpClientInitializer = cred,
ApplicationName = "Gmail API - Signature Manager",
});
updateOutput("Authorized successfully", "I");
SendAs sendAsObj = new SendAs();
foreach (string line in csvData_Arr)
{
if (position == 0)
{
// skip this step, this is the header
position++;
}
else
{
dataFields = line.Split(',');
userEmail = dataFields[0];
signatureLocal = mapSignatureFields(signatureText, dataFields);
updateOutput("Updating signature for: " + userEmail, "I");
sendAsObj.SendAsEmail = userEmail;
sendAsObj.Signature = signatureLocal;
serviceSA.Users.Settings.SendAs.Patch(sendAsObj, userEmail, userEmail).Execute();
UsersResource.SettingsResource.SendAsResource.GetRequest sendAsRes = serviceSA.Users.Settings.SendAs.Get(userEmail, userEmail);
if (chkGetbackSig.Checked == true)
{
updateOutput(sendAsRes.Execute().Signature.ToString(), "D");
}
updateOutput(stat, "D");
if (chkGetbackSig.Checked == true)
{
updateOutput("Final signature: " + signatureLocal, "I");
}
position++;
}
}
}
catch (Google.GoogleApiException ex)
{
updateOutput(ex.Message, "E");
}
}
我找到了一个工作代码:
private async void button1_Click(object sender, EventArgs e)
{
string signatureLocal = "";
string[] dataFields;
string userEmail;
int position = 0;
string stat = "";
string certPath=appPath + "saKey.p12";
var cert = new X509Certificate2(certPath, "notasecret", X509KeyStorageFlags.Exportable);
string[] scopes = new string[] {GmailService.Scope.GmailSettingsBasic, GmailService.Scope.MailGoogleCom};
try
{
SendAs sendAsObj = new SendAs();
foreach (string line in csvData_Arr)
{
if (position == 0)
{
// skip this step, this is the header
position++;
}
else
{
dataFields = line.Split(',');
userEmail = dataFields[0];
updateOutput("Trying to authorize with Google", "I");
ServiceAccountCredential cred = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer("xxx@cool-monolith-153015.iam.gserviceaccount.com")
{
User = userEmail,
Scopes = scopes
}.FromCertificate(cert));
updateOutput("Authorized successfully", "I");
serviceSA = new GmailService(new BaseClientService.Initializer()
{
HttpClientInitializer = cred,
ApplicationName = "Gmail API - Signature Manager",
});
signatureLocal = mapSignatureFields(signatureText, dataFields);
updateOutput("Updating signature for: " + userEmail, "I");
sendAsObj.SendAsEmail = userEmail;
sendAsObj.Signature = signatureLocal;
serviceSA.Users.Settings.SendAs.Patch(sendAsObj, userEmail, userEmail).Execute();
UsersResource.SettingsResource.SendAsResource.GetRequest sendAsRes = serviceSA.Users.Settings.SendAs.Get(userEmail, userEmail);
if (chkGetbackSig.Checked == true)
{
updateOutput(sendAsRes.Execute().Signature.ToString(), "D");
}
updateOutput(stat, "D");
if (chkGetbackSig.Checked == true)
{
updateOutput("Final signature: " + signatureLocal, "I");
}
position++;
}
}
}
catch (Google.GoogleApiException ex)
{
updateOutput(ex.Message, "E");
}
}
这里有一个问题,如果我对每次迭代都重新进行身份验证,可以吗?我可能每秒都有1000个帐户需要验证
谢谢 其他用户是否验证了应用程序?不,这应该是服务器端,我们不想让用户对签名以及我们如何控制签名产生影响…您考虑过使用服务帐户吗?我尝试过使用服务帐户,但现在“需要登录”时出现401错误,这是我的代码:我用服务帐户方法代码更新了主要帖子您的服务帐户(使用服务帐户电子邮件地址)需要作为域帐户中的用户进行预授权才能访问所有用户信息。我没有域帐户,所以我不能告诉你怎么做。只要知道,一旦服务帐户有权更新所有域用户的信息,它就会起作用。您不会有问题。客户端库只会在需要时再次请求身份验证。应该没问题。Api可能会反对您这么快地运行。我尝试了上面的代码(使用ServiceAccount凭据),但它不起作用。它在serviceSA.Users.Settings.SendAs.Patch(sendAsObj,userEmail,userEmail.Execute()上引发异常;错误为Google.api.Auth.OAuth2.Responses.TokenResponseException:'error:'unauthorized_client',Description:'client未经授权使用此方法检索访问令牌',Uri:''仍在您的案例中工作吗?