使用非管理员/Microsoft 帐户登录 Azure AD 时出现错误 AADSTS90093
[英]Error AADSTS90093 when logging into Azure AD with non-admin/Microsoft Accounts
问题描述
I've created a ASP.NET MVC web application that is configured to use the O365 Azure AD tenant of my company.
我创建了一个 ASP.NET MVC Web 应用程序,该应用程序配置为使用我公司的 O365 Azure AD 租户。 I can login to the application with accounts that are Global Administrators in the Azure AD tenant, but login fails for both我可以使用 Azure AD 租户中的全局管理员帐户登录应用程序,但两者都登录失败
- Internal users: O365 accounts that are no Global Administrators in the Azure AD tenant and内部用户:Azure AD 租户中没有全局管理员的 O365 帐户和
- Microsoft Accounts that are registered as Guest accounts.注册为来宾帐户的 Microsoft 帐户。
The error message is:错误信息是:
AADSTS90093: This operation can only be performed by an administrator.
The Azure AD application is a single-tenant one (but changing it to multi-tenant does not solve the issue). Azure AD 应用程序是单租户应用程序(但将其更改为多租户并不能解决问题)。
The application manifest is unchanged.应用程序清单保持不变。 How can I solve this and enable the login for both internal and external users?如何解决此问题并为内部和外部用户启用登录?
Update更新
As far as I can see, the app also does not require any permissions that require admin consent.据我所知,该应用程序也不需要任何需要管理员同意的权限。
1 个解决方案
解决方案1
1 已采纳 2017-01-09 19:07:34
The problem was that the application needed to be granted the permissions explicitely by clicking Grant permissions in the app registration settings:问题是需要通过单击应用程序注册设置中的授予权限来明确Grant permissions应用程序Grant permissions :
After granting the permissions, users can log into the application without being Global Administrators.授予权限后,用户无需成为全局管理员即可登录应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.