堆栈内存溢出
  简体   繁体   English

使用Graph API(Azure AD B2C)更改密码

[英]Change password using Graph API (Azure AD B2C)

 原文  2018-07-11 11:48:46       azure/ azure-ad-b2c

问题描述

From angular front-end and webapi as back-end, I'm trying to consume Graph API change password function, but I get following error: 从有角前端和webapi作为后端,我试图使用Graph API更改密码功能,但出现以下错误:

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Access to change password operation is denied."}}} {“ odata.error”:{“ code”:“ Authorization_RequestDenied”,“ message”:{“ lang”:“ en”,“ value”:“拒绝更改密码操作。”}}}

Below is my code: 下面是我的代码: 

           private async void ChangePasswordPostRequest(ChangePasswordModel changePasswordModel){
                AuthenticationResult result = await authContext.AcquireTokenAsync(ApplicationConstants.aadGraphResourceId, credential);
                HttpClient http = new HttpClient();
                string url = ApplicationConstants.aadGraphEndpoint + tenant + "/users/" + "c55f7d4d-f81d-4338-bec7-145225366565" + "/changePassword?" + ApplicationConstants.aadGraphVersion;         

                HttpRequestMessage request = new HttpRequestMessage(new HttpMethod("POST"), url);
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

                request.Content = new StringContent(JsonConvert.SerializeObject(new ChangePasswordPostModel() { currentPassword = changePasswordModel.CurrentPassword, newPassword = changePasswordModel.NewPassword }), Encoding.UTF8, "application/json");

                HttpResponseMessage response = await http.SendAsync(request);
                if (!response.IsSuccessStatusCode)
                {
                    string error = await response.Content.ReadAsStringAsync();
                    object formatted = JsonConvert.DeserializeObject(error);
                }
            }

I'm stuck at this, any help will be appreciated. 我对此感到困惑,将不胜感激。 Thanks in advance. 提前致谢。

2 个解决方案

解决方案1
 0  2018-07-11 22:35:39

The change password operation can only be called on behalf of the signed-in user. 只能代表登录用户调用更改密码操作

An application can change the password for a user using the reset password operation . 应用程序可以使用“重置密码”操作来更改用户的密码

The application must be assigned to the user account administrator role to change the password for the user. 必须将应用程序分配给用户帐户管理员角色,才能更改用户密码。

解决方案2
 0  2019-08-08 07:10:02

The change password operation can only be called on behalf of the signed-in user. 只能代表登录用户调用更改密码操作。 An application can change the password for a user using the reset password operation. 应用程序可以使用重置密码操作来更改用户的密码。 The application must be assigned to the user account administrator role to change the password for the user. 必须将应用程序分配给用户帐户管理员角色,才能更改用户密码。 @Chris Padgett @克里斯·帕吉特

With the beta endpoint of the Graph API it's now possible to get it done without PowerShell! 使用Graph API的beta端点,现在可以在没有PowerShell的情况下完成它! 

//Get App ObjectId
https://graph.microsoft.com/beta/servicePrincipals?$filter=appId eq '{appId}'

//Get roleId User Account Administrator role
GET: https://graph.microsoft.com/v1.0/directoryRoles?$filter=roleTemplateId eq 'fe930be7-5e62-47db-91af-98c3a49a38b1'

//If not found //Activate
POST: https://graph.microsoft.com/v1.0/directoryRoles

{
  "displayName": "User Account Administrator",
  "roleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
}

//Add member
POST: https://graph.microsoft.com/beta/directoryRoles/{Id}/members/$ref
{
  "@odata.id": "https://graph.microsoft.com/beta/servicePrincipals/{Id returned in first request}"
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Graph API在Azure AD B2C上对用户进行身份验证 - Authenticate a user on Azure AD B2C using Graph API 使用图形 API 创建用户并将登录名作为用户名时,Azure AD B2C 密码重置不起作用 - Azure AD B2C Password reset does not work when the users are created using the graph API and Sign In Name as Username 在Azure AD B2C中使用Azure AD Graph API创建用户 - Create user using Azure AD Graph API in Azure AD B2C 使用AD Graph API从Azure AD B2C管理用户-安全访问 - Manage user from Azure AD B2C using AD Graph API - secure access Azure AD B2C - 密码更改流程 - Azure AD B2C - Password change flow 更改密码不适用于Azure AD B2C - Change Password Not working with Azure AD B2C 更改Xamarin形式的Azure AD B2C密码的方法 - Method to Change Password for Azure AD B2C in Xamarin Forms Azure AD B2C迁移时更改密码 - Azure AD B2C change password on migration Azure AD B2C Graph API 401 未经授权 - Azure AD B2C Graph API 401 Unauthorized 登录后是Azure AD B2C Graph API吗? - Azure AD B2C Graph API following login?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM