[英]Azure Graph API - Check if user has full access to an O365 mailbox
I am using the ActiveDirectory GraphClient library by Microsoft to access an Azure AD. 我正在使用Microsoft的ActiveDirectory GraphClient库来访问Azure AD。
My problem is: 我的问题是:
I'd like to get to known if an IUser object has full access to an Office 365 mailbox of another user. 我想知道IUser对象是否具有对另一个用户的Office 365邮箱的完全访问权限。
void bool HasFullAccess(IActiveDirectoryClient client, IUser currentUser, IUser otherUser)
{
if (currentUser.ObjectId == otherUser.ObjectId)
{
return true;
}
//TODO: HOW-TO CHECK IF 'currentUser' HAS FULL ACCESS
// TO MAILBOX OF 'otherUser'
}
Really good question, you want to be looking at both the full_access_as_user
and full_access_as_app
depending on your scenario. 确实是一个很好的问题,您希望根据自己的情况同时查看full_access_as_user
和full_access_as_app
。 Once you have the access token for the user you should be looking at some of the API calls that are documented in the Outlook REST API . 获得用户的访问令牌后,您应该查看Outlook REST API中记录的一些API调用。
There are two possible ways to check whether a user could access another user's mailbox : 有两种方法可以检查用户是否可以访问另一个用户的邮箱:
EWS Managed API EWS托管API
If you have permission to access another user's mailbox ,you could get the data via : 如果您有权访问其他用户的邮箱,则可以通过以下方式获取数据:
ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1); service.Credentials = new WebCredentials("user_with_access@example.com", "PASSWORD"); service.TraceEnabled = true; service.TraceFlags = TraceFlags.All; service.AutodiscoverUrl("user_with_access@example.com", RedirectionUrlValidationCallback); var userMailbox = new Mailbox("target_user@example.com"); var folderId = new FolderId(WellKnownFolderName.Inbox, userMailbox); var itemView = new ItemView(20); // page size var userItems = service.FindItems(folderId, itemView); foreach (var item in userItems) { // do something with item (nb: it might not be a message) }
Above code need user's credential .If you don't have permission to access target user's mailbox ,above code will threw an error like " The process failed to get the correct properties" . 上面的代码需要用户的凭据。如果您无权访问目标用户的邮箱,则上面的代码将引发错误,例如“进程无法获取正确的属性”。
PowerShell 电源外壳
By running Get-MailboxPermission cmdlet you can check which user/mailbox has what type of permissions to access other mailboxes in Exchange: 通过运行Get-MailboxPermission cmdlet,您可以检查哪个用户/邮箱具有访问Exchange中其他邮箱的权限类型:
Get-Mailbox <Mailbox> | Get-MailboxPermission -User <AD User>
You could call powershell to check it in your application . 您可以调用powershell在应用程序中进行检查。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.