[英]Error AADSTS90093 when logging into Azure AD with non-admin/Microsoft Accounts
I've created a ASP.NET MVC web application that is configured to use the O365 Azure AD tenant of my company.我创建了一个 ASP.NET MVC Web 应用程序,该应用程序配置为使用我公司的 O365 Azure AD 租户。 I can login to the application with accounts that are Global Administrators in the Azure AD tenant, but login fails for both我可以使用 Azure AD 租户中的全局管理员帐户登录应用程序,但两者都登录失败
The error message is:错误信息是:
AADSTS90093: This operation can only be performed by an administrator. AADSTS90093:此操作只能由管理员执行。
The Azure AD application is a single-tenant one (but changing it to multi-tenant does not solve the issue). Azure AD 应用程序是单租户应用程序(但将其更改为多租户并不能解决问题)。
The application manifest is unchanged.应用程序清单保持不变。 How can I solve this and enable the login for both internal and external users?如何解决此问题并为内部和外部用户启用登录?
Update更新
As far as I can see, the app also does not require any permissions that require admin consent.据我所知,该应用程序也不需要任何需要管理员同意的权限。
The problem was that the application needed to be granted the permissions explicitely by clicking Grant permissions
in the app registration settings:问题是需要通过单击应用程序注册设置中的授予权限来明确Grant permissions
应用程序Grant permissions
:
After granting the permissions, users can log into the application without being Global Administrators.授予权限后,用户无需成为全局管理员即可登录应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.