
Azure Graph API - Check if user has full access to an O365 mailbox

I am using the ActiveDirectory GraphClient library by Microsoft to access an Azure AD.

My problem is:

I'd like to get to know if an IUser object has full access to an Office 365 mailbox of another user.

bool HasFullAccess(IActiveDirectoryClient client, IUser currentUser, IUser otherUser)
{
    // A user always has full access to their own mailbox.
    if (currentUser.ObjectId == otherUser.ObjectId)
    {
        return true;
    }

    //TODO: HOW-TO CHECK IF 'currentUser' HAS FULL ACCESS
    //      TO MAILBOX OF 'otherUser'
    throw new System.NotImplementedException();
}

Really good question, you want to be looking at both the full_access_as_user and full_access_as_app depending on your scenario. Once you have the access token for the user you should be looking at some of the API calls that are documented in the Outlook REST API.

There are two possible ways to check whether a user could access another user's mailbox:

  1. EWS Managed API

    If you have permission to access another user's mailbox, you could get the data via:

      // Requires: using Microsoft.Exchange.WebServices.Data;
      ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);
      service.Credentials = new WebCredentials("user_with_access@example.com", "PASSWORD");
      service.TraceEnabled = true;
      service.TraceFlags = TraceFlags.All;
      // RedirectionUrlValidationCallback is a callback you supply to validate Autodiscover redirects.
      service.AutodiscoverUrl("user_with_access@example.com", RedirectionUrlValidationCallback);

      // Bind to the Inbox of the other user's mailbox.
      var userMailbox = new Mailbox("target_user@example.com");
      var folderId = new FolderId(WellKnownFolderName.Inbox, userMailbox);
      var itemView = new ItemView(20); // page size
      var userItems = service.FindItems(folderId, itemView);

      foreach (var item in userItems)
      {
          // do something with item (nb: it might not be a message)
      }

    The above code needs the user's credentials. If you don't have permission to access the target user's mailbox, the above code will throw an error like "The process failed to get the correct properties".

  2. PowerShell

    By running the Get-MailboxPermission cmdlet you can check which user/mailbox has what type of permissions to access other mailboxes in Exchange:

     Get-Mailbox <Mailbox> | Get-MailboxPermission -User <AD User> 

    You could call PowerShell to check it in your application.
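
A wrapper around the Get-MailboxPermission check from the second answer, as an added example that is not part of the original posts. The function name Test-MailboxFullAccess is hypothetical, and it assumes an Exchange or Exchange Online PowerShell session is already connected.

```powershell
# Added example; Test-MailboxFullAccess is a hypothetical helper name.
# Assumes the Exchange cmdlets (Get-Mailbox, Get-MailboxPermission) are
# already available in the current session.
function Test-MailboxFullAccess {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)] [string] $Mailbox,  # mailbox being accessed
        [Parameter(Mandatory)] [string] $User      # user whose access is checked
    )

    # Same shortcut as the question's code: a user has access to their own mailbox.
    $target = Get-Mailbox -Identity $Mailbox -ErrorAction Stop
    $actor  = Get-Mailbox -Identity $User -ErrorAction SilentlyContinue
    if ($actor -and $actor.ExchangeGuid -eq $target.ExchangeGuid) {
        return $true
    }

    # Permission entries on the target mailbox that name this user.
    $entries = @(Get-MailboxPermission -Identity $Mailbox -User $User -ErrorAction Stop)

    # AccessRights can hold several rights; keep entries that include FullAccess.
    $full = @($entries | Where-Object { @($_.AccessRights) -match '\bFullAccess\b' })

    # An explicit Deny entry overrides any Allow entry.
    if (@($full | Where-Object { $_.Deny -eq $true }).Count -gt 0) {
        return $false
    }
    return (@($full | Where-Object { $_.Deny -ne $true }).Count -gt 0)
}

# Usage, with the sample addresses from the EWS snippet above:
# Test-MailboxFullAccess -Mailbox 'target_user@example.com' -User 'user_with_access@example.com'
```

Rights granted through a security group are listed under the group's entry, so this check covers grants made directly to the user.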
