[英]Inviting a User in Azure AD through Microsoft Graph API doesn't work
Below is the code that I have put to invite a user in Azure AD. 以下是我在Azure AD中邀请用户使用的代码。
I get an "unauthorized" response. 我收到“未经授权”的回复。 I am not sure what permission/setting are missing. 我不确定缺少哪些权限/设置。 Do anyone have the idea. 有谁有主意。
string accessToken = await AuthenticationHelper.GetTokenForApplication ();
InvitationModel invite = new InvitationModel ();
invite.invitedUserEmailAddress = user.Email;
invite.inviteRedirectUrl = ConfigurationManager.AppSettings["InviteRedirectUrl"];
invite.sendInvitationMessage = true;
using (HttpClient client = new HttpClient ()) {
client.BaseAddress = new Uri ("https://graph.microsoft.com");
client.DefaultRequestHeaders.Accept.Add (
new MediaTypeWithQualityHeaderValue ("application/json"));
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue ("Bearer", accessToken);
HttpResponseMessage response =
client.PostAsJsonAsync<InvitationModel> ("v1.6/invitations", invite).Result;
dynamic inviteResult =
response.Content.ReadAsAsync<dynamic> ().Result;
if (inviteResult.status != "Error") { }
}
You're problem is that you conflating Microsoft Graph and Azure AD Graph here. 您的问题在于,您在此处将Microsoft Graph和Azure AD Graph进行了合并。 These are two distinct APIs with different calling conversions and permission scopes. 这是两个不同的API,具有不同的调用转换和权限范围。
In order to create an Invitation you will need one of the following permission scopes ( Note that the first is the most restrictive permission (globally), the last the most permissive ): 为了创建邀请,您将需要以下许可权范围之一 ( 请注意,第一个是(全局性)限制性最强的许可权,最后一个是许可性最强的许可权 ):
User.Invite.All
User.ReadWrite.All
Directory.ReadWrite.All
Note that all of these scopes are admin-restricted and will require Admin Consent before you can use them 请注意,所有这些范围都是受管理员限制的,在使用它们之前需要获得管理员同意
Once you have a valid token, you'll need to make a POST
call to https://graph.microsoft.com/v1.0/invitations
with the following body: 获得有效令牌后,您需要使用以下主体对: https://graph.microsoft.com/v1.0/invitations
进行POST
调用:
{
"invitedUserEmailAddress": "yyy@test.com",
"inviteRedirectUrl": "https://myapp.com"
}
Since you're using C#, I would strongly recommend using Microsoft Graph Client Library rather than hand-rolling your own HttpClient
calls. 由于您使用的是C#,因此我强烈建议您使用Microsoft Graph Client Library,而不是手动滚动自己的HttpClient
调用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.