Microsoft Graph Api令牌无效或未授权?
[英]Microsoft Graph Api token invalid or not authorized?
问题描述
I'm trying to read the user's data from Azure Active Directory via Microsofts' Graph API. 
我正在尝试通过Microsoft的Graph API从Azure Active Directory中读取用户的数据。 Using the Graph Explorer I'm able to get all users but using a stand alone application I end up with an "unauthorized" response after receiving a token. 使用Graph Explorer,我可以吸引所有用户,但是使用独立的应用程序,在收到令牌后,我得到一个“未经授权”的响应。 I'm clearly missing some steps but it isn't obvious to me what steps that would be. 我显然缺少一些步骤,但是对我来说,这显然不是什么步骤。 Any insight would be appreciated 任何见识将不胜感激
The code below is based off a MSFT sample: 以下代码基于MSFT示例:
// config values
// authority = "https://login.microsoftonline.com/{ TENANT ID }/oauth2/"
// resource uri = "https:// APP NAME .azurewebsites.net";
// graph uri = https://graph.windows.net/TENANT ID/ also tried https://graph.windows.net/v1.0/
// short form
public async void GetUsers( ADConfiguration config )
{
_authContext = new AuthenticationContext(config.GetAuthority());
_clientCredential = new ClientCredential(config.ClientId, config.ClientSecret);
AuthenticationResult result = null;
// obtain the token, this part is still successful
result = await _authContext.AcquireTokenAsync(config.ResourceUri, _clientCredential );
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
string address = config.GetGraphiUri() + "users?api-version=1.6";
// this response is always unauthorized
HttpResponseMessage response = await _httpClient.GetAsync(address);
}
2 个解决方案
解决方案1
1 2017-08-01 06:26:26
In addition to answer your new problem . 除了回答您的新问题。 From you code , you are acquiring token using client credential flow . 通过您的代码,您正在使用客户端凭据流来获取令牌。 In the client credentials flow, permissions are granted directly to the application itself. 在客户端凭据流中,权限直接授予应用程序本身。
Since you are using Azure AD Graph API , you need to add application permission : 由于使用的是Azure AD Graph API,因此需要添加application permission :
- In the Azure portal, choose your application, click on
Settings在Azure门户中,选择您的应用程序,然后单击“ Settings - In the Settings menu, choose the
Required permissionssection ,selectWindows Azure Active Directory(Azure ad graph api) , add related application permissions your app requires .在“设置”菜单中,选择“ Required permissions部分,选择“Windows Azure Active Directory(Azure广告图api),添加您的应用程序所需的相关应用程序权限。 - Inside your app's blade, hit
Grant Permissionsto do admin consent with your admin's credential .在您应用的刀片中,点击“ Grant Permissions以使用您的管理员凭据进行管理员同意。
解决方案2
0 2017-07-31 15:25:00
Your config values seem off: 您的配置值似乎已关闭:
Authority should be: https://login.microsoftonline.com/{TENANT ID} . 授权应该是: https://login.microsoftonline.com/{TENANT ID} : https://login.microsoftonline.com/{TENANT ID} 。
It seems to me that you are trying to use Azure AD Graph API, not Microsoft Graph API. 在我看来,您正在尝试使用Azure AD Graph API,而不是Microsoft Graph API。
In that case: 在这种情况下:
Resource URI should be: https://graph.windows.net/ . 资源URI应该是: https://graph.windows.net/ : https://graph.windows.net/ 。 (MS Graph API is https://graph.microsoft.com/ ) (MS Graph API为https://graph.microsoft.com/ )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.