无法使用Google Admin SDK创建用户-异常401未经授权
[英]Unable to Create User using Google Admin SDK - Exception 401 Unauthorized
问题描述
I am trying to populate users in my C# application. 
我正在尝试在我的C#应用程序中填充用户。 However, I keep getting this exception: 但是,我不断收到此异常:
{"Error occurred while sending a direct message or getting the response."}
[DotNetOpenAuth.Messaging.ProtocolException]: {"Error occurred while sending a direct message or getting the response."}
Data: {System.Collections.ListDictionaryInternal}
HelpLink: null
InnerException: {"The remote server returned an error: (401) Unauthorized."}
Message: "Error occurred while sending a direct message or getting the response."
Source: "Google.Apis"
StackTrace: " at Google.Apis.Requests.ClientServiceRequest`1.Execute() in c:\\code.google.com\\google-api-dotnet-client\\default\\Tools\\BuildRelease\\bin\\Release\\release140\\default\\Src\\GoogleApis\\Apis\\Requests\\ClientServiceRequest.cs:line 88\r\n at GoogleAccountsPopulation.DirectoryServiceClient.CreateUser(User user) in E:\\GoogleAccountsPopulation\\GoogleAccountsPopulation\\GoogleAccountsPopulation\\DirectoryServiceClient.cs:line 70\r\n at GoogleAccountsPopulation.frmGoogleAccountsPopulation.btnPopulateAccounts_Click(Object sender, EventArgs e) in E:\\GoogleAccountsPopulation\\GoogleAccountsPopulation\\GoogleAccountsPopulation\\PopulateForm.cs:line 449"
TargetSite: {TResponse Execute()}
The exception is being raised on the line: 在线上引发了异常:
userServiceClient.CreateUser(user);
Here is the codes for the service: 这是该服务的代码:
DirectoryServiceSpecs userServiceSpecs = new DirectoryServiceSpecs()
{
CertificateFilePath = Path.GetDirectoryName(Application.ExecutablePath) + "\\Certificates\\" + gappsSchool.CertificateFile,
PrivateKey = gappsSchool.PrivateKey,
ServiceAccountId = gappsSchool.ServiceAccountId,
ServiceAccountUser = gappsSchool.ServiceAccountUser,
Domain = gappsSchool.EmailDomain,
ServiceScope = DirectoryService.Scopes.AdminDirectoryUser.GetStringValue()
};
DirectoryServiceClient userServiceClient = new DirectoryServiceClient(userServiceSpecs);
User user = new User();
user.Name = new UserName();
if (userNames.Length > 1)
{
user.Name.FamilyName = lmsUser.Name.Replace(userNames[0], "").Trim();
user.Name.GivenName = userNames[0];
}
else
{
user.Name.FamilyName = "N.A.";
user.Name.GivenName = userNames[0];
}
user.Name.FullName = lmsUser.Name;
user.Password = lmsUser.Password;
user.PrimaryEmail = lmsUser.EmailAccount + "@" + gappsSchool.EmailDomain;
if (Properties.Settings.Default.LMSPasswardHashAlgorithm.Trim() != string.Empty)
user.HashFunction = "MD5";
user = userServiceClient.CreateUser(user);
trackEntries.Add(new TrackEntry()
{
EmailAccount = lmsUser.EmailAccount,
SchoolName = gappsSchool.Name,
Status = "Success",
Error = ""
});
log.Info("Successfully created user \"" + lmsUser.EmailAccount + "\" (" + lmsUser.Id.ToString() + ", " + gappsSchool.Name + ").");
userServiceClient.CreateUser(user);
1 个解决方案
解决方案1
0 2016-09-01 15:18:22
Authorization 授权书
In Google Apps domains, the domain administrator can grant third-party applications with domain-wide access to its users' data — this is referred as domain-wide delegation of authority.
Here is the list of scopes available in Directory API . 这是Directory API中可用范围的列表。
To request access using OAuth 2.0, your application needs the scope information, as well as information that Google supplies when you register your application (such as the client ID and the client secret).
Try checking how you perform Google Apps Domain-Wide delegation of authority . 尝试检查您如何执行Google Apps Domain-Wide授权 。 You are receiving an Exception 401 Unauthorized maybe because your service account is not authorized to create a user (wrong scope used or the scope to used is not added), based from Emily's answer - you must impersonate a administrator account ( Note: only administrator can create users ). 根据艾米丽的回答 ,您可能会收到401未经授权的异常401,可能是因为您的服务帐户无权创建用户(使用的范围错误或未添加使用的范围)-您必须模拟管理员帐户( 注意:只有管理员才能创建用户 )。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.