堆栈内存溢出
  简体   繁体   English

通过Microsoft Graph API在Azure AD中邀请用户无效

[英]Inviting a User in Azure AD through Microsoft Graph API doesn't work

 原文  2018-01-04 12:35:52       azure-active-directory/ microsoft-graph

问题描述

Below is the code that I have put to invite a user in Azure AD. 以下是我在Azure AD中邀请用户使用的代码。

I get an "unauthorized" response. 我收到“未经授权”的回复。 I am not sure what permission/setting are missing. 我不确定缺少哪些权限/设置。 Do anyone have the idea. 有谁有主意。 

string accessToken = await AuthenticationHelper.GetTokenForApplication ();
InvitationModel invite = new InvitationModel ();
invite.invitedUserEmailAddress = user.Email;
invite.inviteRedirectUrl = ConfigurationManager.AppSettings["InviteRedirectUrl"];
invite.sendInvitationMessage = true;
using (HttpClient client = new HttpClient ()) {
    client.BaseAddress = new Uri ("https://graph.microsoft.com");

    client.DefaultRequestHeaders.Accept.Add (
        new MediaTypeWithQualityHeaderValue ("application/json"));

    client.DefaultRequestHeaders.Authorization =
        new AuthenticationHeaderValue ("Bearer", accessToken);

    HttpResponseMessage response =
        client.PostAsJsonAsync<InvitationModel> ("v1.6/invitations", invite).Result;

    dynamic inviteResult =
        response.Content.ReadAsAsync<dynamic> ().Result;

    if (inviteResult.status != "Error") { }
}

1 个解决方案

解决方案1
 5 已采纳  2018-01-04 18:10:10

You're problem is that you conflating Microsoft Graph and Azure AD Graph here. 您的问题在于,您在此处将Microsoft Graph和Azure AD Graph进行了合并。 These are two distinct APIs with different calling conversions and permission scopes. 这是两个不同的API,具有不同的调用转换和权限范围。

In order to create an Invitation you will need one of the following permission scopes ( Note that the first is the most restrictive permission (globally), the last the most permissive ): 为了创建邀请,您将需要以下许可权范围之一请注意,第一个是(全局性)限制性最强的许可权,最后一个是许可性最强的许可权 ):

  • User.Invite.All
  • User.ReadWrite.All
  • Directory.ReadWrite.All

Note that all of these scopes are admin-restricted and will require Admin Consent before you can use them 请注意,所有这些范围都是受管理员限制的,在使用它们之前需要获得管理员同意

Once you have a valid token, you'll need to make a POST call to https://graph.microsoft.com/v1.0/invitations with the following body: 获得有效令牌后,您需要使用以下主体对: https://graph.microsoft.com/v1.0/invitations进行POST调用: 

{
  "invitedUserEmailAddress": "yyy@test.com",
  "inviteRedirectUrl": "https://myapp.com"
}

Since you're using C#, I would strongly recommend using Microsoft Graph Client Library rather than hand-rolling your own HttpClient calls. 由于您使用的是C#,因此我强烈建议您使用Microsoft Graph Client Library,而不是手动滚动自己的HttpClient调用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 多个选择错误通过Microsoft Graph邀请用户 - Multiple Choices error inviting a user through the Microsoft Graph Azure AD Graph API或Microsoft Graph API来访问Azure AD B2C租户中的用户属性 - Azure AD Graph API or Microsoft Graph API to access User attributes in Azure AD B2C tenant 如何使用microsoft graph api为azure ad中的用户分配角色 - How to use microsoft graph api for assigning role to the user in azure ad 使用Microsoft graph API或Azure AD graph API从用户界面中删除对用户的应用程序访问 - Removing application access to user from User interface by using Microsoft graph API or Azure AD graph api 我可以在GUI的哪里查看通过Microsoft Graph beta API创建并使用无用户身份验证发布的Azure AD应用程序? - Where can I view in a GUI Azure AD apps created through Microsoft Graph beta API and posted using user-less authentication? Microsoft Graph Azure AD用户不同步 - Microsoft Graph Azure AD User Out Of Sync Microsoft图形和Azure广告用户身份验证 - Microsoft graph and Azure Ad user authentication 是否可以通过Azure AD Graph API或Microsoft Graph API在租户中获取所有用户信息? - Is it possible to get all the user informations in a tenant by Azure AD Graph API or Microsoft Graph API? Microsoft Graph API - Azure AD Connect - extensionAttribute - Microsoft Graph API - Azure AD Connect - extensionAttribute 带有外部帐户和Microsoft Graph API的Azure AD - Azure AD with external accounts and Microsoft Graph API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM