堆栈内存溢出
  简体   繁体   English

AADSTS90093:由于Azure Active Directory中缺少权限,因此调用主体无法同意

[英]AADSTS90093:Calling principal cannot consent due to lack of permissions in Azure Active directory

 原文  2017-04-07 10:21:44       azure/ permissions/ azure-active-directory/ principal

问题描述

We have a requirement to integrate the Web application to Azure active directory Multi-tenant authentication. 我们需要将Web应用程序集成到Azure活动目录多租户身份验证。 We have changed the end point URL to " https://login.microsoftonline.com/common ". 我们已将端点URL更改为“ https://login.microsoftonline.com/common ”。 We tried to login to our application with our work email id. 我们尝试使用工作电子邮件ID登录到我们的应用程序。 We got the following Error. 我们收到以下错误。

Additional technical information: 其他技术信息:
Correlation ID: 72ec287c-XXXX-XXXX-XXXX-4bf49d167541 Timestamp: 2017-04-07 09:48:57Z AADSTS90093: Calling principal cannot consent due to lack of permissions. 相关ID:72ec287c-XXXX-XXXX-XXXX-4bf49d167541时间戳记:2017-04-07 09:48:57Z AADSTS90093:由于缺少权限,呼叫委托人无法同意。

We have find that we missed some permissions to our Application in AD.Could anyone please help us what kind of permissions need to provide. 我们发现我们错过了对AD中应用程序的某些权限。任何人都可以帮助我们提供什么样的权限。

Thanks in advance. 提前致谢。

2 个解决方案

解决方案1
 0  2017-04-07 10:49:21

The error is saying that the user who is logging in cannot give consent for the app. 错误是指正在登录的用户无法同意该应用程序。 When you log in from a tenant where the app is not yet consented, you must be an AAD admin. 当您从尚未同意该应用程序的租户登录时,您必须是AAD管理员。

解决方案2
 0  2017-04-11 03:08:05

This error indicates that the users are not able to give the consent to the app. 此错误表明用户无法同意该应用。

There are two permission level in Azure AD developing, one requires administrator's consent and the other doesn't. Azure AD开发中有两种权限级别,一种需要管理员的同意,而另一种则不需要。

If the app you were using was developed by your organization, you also can grant the permission via the Azure portal when it is register like figure below: 如果您使用的应用程序是由您的组织开发的,则当注册时,还可以通过Azure门户授予权限,如下图所示: 在此处输入图片说明

If the app was developed by other organization, please ensure the app also provide a way(maybe a separate button) to grant the consent for the organization. 如果该应用是由其他组织开发的,请确保该应用还提供了一种方式(可能是一个单独的按钮)来授予组织的同意。 Then you can notify the administrator to grant the permission for all organization. 然后,您可以通知管理员为所有组织授予权限。 More detail about the admin consent , you can refer this document . 有关管理员同意的更多详细信息,可以参考此文档

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AADSTS90093:由于缺少权限,主叫方无法同意 - AADSTS90093: Calling principal cannot consent due to lack of permissions Office365 OAuth API返回错误“AADSTS90093:无权访问” - Office365 OAuth API returns error “AADSTS90093: Does not have access to consent” 以全局管理员身份登录时的AADSTS90093 - AADSTS90093 when signed in as Global Admin 使用非管理员/Microsoft 帐户登录 Azure AD 时出现错误 AADSTS90093 - Error AADSTS90093 when logging into Azure AD with non-admin/Microsoft Accounts AADSTS90093:此操作只能由管理员执行 - AADSTS90093: This operation can only be performed by an administrator 批准AAD租户中的单个应用以防止AADSTS90093错误 - Approve single app in AAD tenant to prevent AADSTS90093 error 错误AADSTS90093在Microsoft“融合”OAuth授权组织O365帐户 - Error AADSTS90093 on Microsoft “converged” OAuth authorize for organizational O365 account Azure Active Directory登录:Web应用程序权限,未触发用户同意 - Azure Active Directory Login: Web App Permissions, User Consent not triggered Azure Active Directory同意缓存吗? - Is Azure Active Directory Consent Cached? .Net Core MVC 应用与 IdentityServer4,使用 Azure Active Directory 登录。 管理员同意和权限问题 - .Net Core MVC app with IdentityServer4, login with Azure Active Directory. Problem with admin consent and permissions
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM