[英]Change Azure AD B2C User Password with Graph API
I'm trying to use the Sample Graph API app to change a user's password but I'm getting: 我正在尝试使用Sample Graph API应用程序来更改用户的密码,但我得到了:
Error Calling the Graph API Response: 调用Graph API响应时出错:
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
Graph API Request: 图形API请求:
PATCH /mytenant.onmicrosoft.com/users/some-guid?api-version=1.6 HTTP/1.1
client-request-id: ffd564d3-d716-480f-a66c-07b02b0e32ab
date-time-utc: 2017.08.10 03:04 PM
JSON File JSON文件
{
"passwordProfile": {
"password": "Somepassword1$",
"forceChangePasswordNextLogin": false
}
}
I've tested updating the user's displayName
and that works fine. 我已经测试过更新用户的
displayName
,并且工作正常。
{
"displayName": "Joe Consumer"
}
AD Application Permissions AD应用程序权限
I've configured my app permissions as described here. 我按照此处的说明配置了我的应用权限。
Check out this article . 看看这篇文章 。 Seems like it has the same symptoms.
好像它有相同的症状。
Solution 1: 解决方案1:
If you are receiving this error when you call the API that includes only read permissions, you have to set permissions in Azure Management Portal. 如果在调用仅包含读取权限的API时收到此错误,则必须在Azure管理门户中设置权限。
Solution 2: 解决方案2:
If you are receiving this error when you call the API that includes delete
or reset password
operations, that is because those operations require the Admin role of Company Administrator
. 如果在调用包含
delete
或reset password
操作的API时收到此错误,那是因为这些操作需要Company Administrator
的管理员角色。 As of now, you can only add this role via the Azure AD Powershell module . 截至目前,您只能通过Azure AD Powershell模块添加此角色。
Find the service principal using Get-MsolServicePrincipal –AppPrincipalId 使用Get-MsolServicePrincipal -AppPrincipalId查找服务主体
Get-MsolServicePrincipal | ft DisplayName, AppPrincipalId -AutoSize
Use Add-MsolRoleMember to add it to Company Administrator
role 使用Add-MsolRoleMember将其添加到
Company Administrator
角色
$clientIdApp = 'your-app-id' $webApp = Get-MsolServicePrincipal –AppPrincipalId $clientIdApp Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId $webApp.ObjectId
To connect to your B2C tenant via PowerShell you will need a local admin account. 要通过PowerShell连接到您的B2C租户,您需要一个本地管理员帐户。 This blog post should help with that, see "The Solution" section.
这篇博文应该有所帮助 ,请参阅“解决方案”部分。
Try below settings, works for me. 尝试以下设置,适合我。
Used the below JSON 使用以下JSON
{
"accountEnabled": true,
"signInNames": [
{
"type": "emailAddress",
"value": "kart.kala1@test.com"
}
],
"creationType": "LocalAccount",
"displayName": "Joe Consumer",
"mailNickname": "joec",
"passwordProfile": {
"password": "P@$$word!",
"forceChangePasswordNextLogin": false
},
"passwordPolicies": "DisablePasswordExpiration",
"givenName": "Joe",
}
Also make sure you assign the application the user account, administrator role which will allow it to delete users link here 另外,请确保为应用程序分配用户帐户,管理员角色,以便在此处删除用户链接
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.