使用Graph API更改Azure AD B2C用户密码
[英]Change Azure AD B2C User Password with Graph API
问题描述
I'm trying to use the Sample Graph API app to change a user's password but I'm getting: 
我正在尝试使用Sample Graph API应用程序来更改用户的密码,但我得到了:
Error Calling the Graph API Response: 调用Graph API响应时出错:
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
Graph API Request: 图形API请求:
PATCH /mytenant.onmicrosoft.com/users/some-guid?api-version=1.6 HTTP/1.1
client-request-id: ffd564d3-d716-480f-a66c-07b02b0e32ab
date-time-utc: 2017.08.10 03:04 PM
JSON File JSON文件
{
"passwordProfile": {
"password": "Somepassword1$",
"forceChangePasswordNextLogin": false
}
}
I've tested updating the user's displayName and that works fine. 我已经测试过更新用户的displayName ,并且工作正常。
{
"displayName": "Joe Consumer"
}
AD Application Permissions AD应用程序权限
I've configured my app permissions as described here. 我按照此处的说明配置了我的应用权限。
2 个解决方案
解决方案1
11 已采纳 2017-08-15 21:03:39
Check out this article . 看看这篇文章 。 Seems like it has the same symptoms. 好像它有相同的症状。
Solution 1: 解决方案1:
If you are receiving this error when you call the API that includes only read permissions, you have to set permissions in Azure Management Portal. 如果在调用仅包含读取权限的API时收到此错误,则必须在Azure管理门户中设置权限。
- Go to Azure Management Portal and click Active Directory. 转到Azure管理门户,然后单击“Active Directory”。
- Select your custom AD directory. 选择自定义AD目录。
- Click Applications and select your Application. 单击Applications并选择您的应用程序。
- Click CONFIGURE and scroll down to the section 'Permissions to other applications'. 单击配置并向下滚动到“其他应用程序的权限”部分。
- Provide required Application Permissions and Delegated Permissions for Windows Azure Active Directory. 为Windows Azure Active Directory提供所需的应用程序权限和委派权限。
- Finally save the changes. 最后保存更改。
Solution 2: 解决方案2:
If you are receiving this error when you call the API that includes delete or reset password operations, that is because those operations require the Admin role of Company Administrator . 如果在调用包含delete或reset password操作的API时收到此错误,那是因为这些操作需要Company Administrator的管理员角色。 As of now, you can only add this role via the Azure AD Powershell module . 截至目前,您只能通过Azure AD Powershell模块添加此角色。
Find the service principal using Get-MsolServicePrincipal –AppPrincipalId
使用Get-MsolServicePrincipal -AppPrincipalId查找服务主体 Get-MsolServicePrincipal | ft DisplayName, AppPrincipalId -AutoSizeUse Add-MsolRoleMember to add it to
Company Administratorrole使用Add-MsolRoleMember将其添加到Company Administrator角色$clientIdApp = 'your-app-id' $webApp = Get-MsolServicePrincipal –AppPrincipalId $clientIdApp Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId $webApp.ObjectId
To connect to your B2C tenant via PowerShell you will need a local admin account. 要通过PowerShell连接到您的B2C租户,您需要一个本地管理员帐户。 This blog post should help with that, see "The Solution" section. 这篇博文应该有所帮助 ,请参阅“解决方案”部分。
解决方案2
0 2017-08-30 14:56:15
Try below settings, works for me. 尝试以下设置,适合我。
Used the below JSON 使用以下JSON
{
"accountEnabled": true,
"signInNames": [
{
"type": "emailAddress",
"value": "kart.kala1@test.com"
}
],
"creationType": "LocalAccount",
"displayName": "Joe Consumer",
"mailNickname": "joec",
"passwordProfile": {
"password": "P@$$word!",
"forceChangePasswordNextLogin": false
},
"passwordPolicies": "DisablePasswordExpiration",
"givenName": "Joe",
}
Also make sure you assign the application the user account, administrator role which will allow it to delete users link here 另外,请确保为应用程序分配用户帐户,管理员角色,以便在此处删除用户链接
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.