通过Microsoft.Graph邀请用户会出现错误

Question

Expected behavior 预期行为

Should invite a user then update the user with some more information https://docs.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0 应该邀请用户，然后用更多信息更新该用户https://docs.microsoft.com/zh-cn/graph/api/invitation-post?view=graph-rest-1.0

Actual behavior 实际行为

Source 资源

"Microsoft.Graph.Core"

Message 信息

"Code: Unauthorized\r\nMessage: Insufficient privileges to perform requested operation by the application '00000003-0000-0000-c000-000000000000'. ControllerName=MSGraphInviteAPI, ActionName=CreateInvite, URL absolute path=/api/9cXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/invites\r\n\r\nInner error\r\n"

Stacktrace 堆栈跟踪

   at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
   at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
   at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
   at Web.Api.Infrastructure.Infrastructure.Repositories.AzureRepository.CreateUser(CreateUserCommand user) in C:\Users\SamPrecious\source\repos\Adept\src\adept-web-api\Web.Api.Infrastructure\Infrastructure\Repositories\AzureRepository.cs:line 166

Steps to reproduce the behavior 重现行为的步骤

SDK Version: netcoreapp2.2 SDK版本：netcoreapp2.2
"Microsoft.Graph" Version="1.13.0" "Microsoft.Graph.Core" Version="1.13.0" “ Microsoft.Graph”版本=“ 1.13.0”“ Microsoft.Graph.Core”版本=“ 1.13.0”

IDE Version: VS Code - 1.31.1 Vsiual Studio Enterprise 2017 - 4.7.03056 IDE版本：VS Code-1.31.1 Vsiual Studio Enterprise 2017-4.7.03056

I have this method (moving the code to create a GraphServiceClient into the method to prove a point) The client authenticates with the App registration (I get an access token back) but when the code to Invite runs, the authenticationContext.AcquireTokenAsync triggers again and I get an error with the stack trace above. 我有此方法（将创建GraphServiceClient的代码移到该方法中以证明观点），客户端通过App注册进行身份验证（我获得了访问令牌），但是当运行Invite的代码运行时，authenticationContext.AcquireTokenAsync再次触发并我上面的堆栈跟踪出现错误。 The client application has User.Invite.All, User.ReadWrite.All, Directory.ReadWrite.All as per the API documentation. 根据API文档，客户端应用程序具有User.Invite.All，User.ReadWrite.All，Directory.ReadWrite.All。

Why is the AppId changing in the code to the one in the above Message? 为什么将AppId在代码中更改为以上消息中的代码？

public async Task<string> CreateUser(CreateUserCommand user)
        {
            try
            {
                var clientCredential = new ClientCredential(_configuration["appId"], _configuration["secret"]);
                var authenticationContext = new AuthenticationContext(_configuration["authority"]);
                var authenticationResult = authenticationContext.AcquireTokenAsync("https://graph.microsoft.com", clientCredential).Result;

                var delegateAuthProvider = new DelegateAuthenticationProvider((requestMessage) =>
                {
                    requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);

                    return Task.FromResult(0);
                });

                var con = new GraphServiceClient(delegateAuthProvider);

                //invite user
                Invitation invitation = new Invitation();
                invitation.InvitedUserDisplayName = user.Name;
                invitation.SendInvitationMessage = true;
                invitation.InvitedUserEmailAddress = user.Email;
                invitation.InviteRedirectUrl = "http://localhost";
                var result = await con.Invitations.Request().AddAsync(invitation);

                //update user
                var aadUser = _connection.GetConnection().ActiveDirectoryUsers.GetById(result.Id);
                var updateUser = result.InvitedUser;
                updateUser.DisplayName = user.Name;
                updateUser.Surname = user.Surname;
                updateUser.Mail = user.Email;
                updateUser.MobilePhone = user.Phone;
                await con.Users[result.InvitedUser.Id].Request().UpdateAsync(updateUser);
                return aadUser.UserPrincipalName;
            }
            catch (System.Exception)
            {

                throw;
            }


        }

The CreateUserCommand: CreateUserCommand：

public class CreateUserCommand
    {
        public string Name { get; set; }
        public string Surname { get; set; }
        public string Email { get; set; }
        public string Phone { get; set; }
    }

Here is a capture of the app registration 这是应用程序注册的截图 appreg

Permissions: 权限：

App Id in the IConfiguration object IConfiguration对象中的应用ID

Answer 1

Delegated permissions only matter when you are calling an API in a user context. 委派权限仅在您在用户上下文中调用API时才重要。

Since you are using client credentials, there is no user. 由于您使用的是客户端凭据，因此没有用户。 Only application permissions apply, so set the correct permissions there. 仅应用程序权限适用，因此请在此处设置正确的权限。

Also, since you have an async function, it's better to await the token as well: 另外，由于您具有异步功能，因此最好也等待令牌：

var authenticationResult = await authenticationContext.AcquireTokenAsync("https://graph.microsoft.com", clientCredential);

通过Microsoft.Graph邀请用户会出现错误

问题描述

Expected behavior 预期行为

Actual behavior 实际行为

Steps to reproduce the behavior 重现行为的步骤

1 个解决方案

解决方案1
1 已采纳 2019-03-05 11:06:56

通过Microsoft.Graph邀请用户会出现错误

问题描述

Expected behavior 预期行为

Actual behavior 实际行为

Steps to reproduce the behavior 重现行为的步骤

1 个解决方案

解决方案1 1 已采纳 2019-03-05 11:06:56

解决方案1
1 已采纳 2019-03-05 11:06:56