[英]Microsoft Graph API Mail.Send Access Denied
I have registered a application in Azure Active Directory as a Daemon authenticating with Client Secrets.我已在 Azure Active Directory 中将一个应用程序注册为使用客户端机密进行身份验证的守护程序。 I added Graph API Permissions and have granted administrator consent to get a sharepoint list and can successfully pull using the Graph API in c#.我添加了 Graph API 权限并已授予管理员许可以获取共享点列表,并且可以在 c# 中使用 Graph API 成功拉取。 I have also granted admin consent to the Mail.Send Graph API but get a access denied.我还向 Mail.Send Graph API 授予了管理员同意,但访问被拒绝。 The call is setup correctly and the email address I am using as the From field is the administrators mailbox.呼叫设置正确,我用作发件人字段的电子邮件地址是管理员邮箱。 IS there some additional configuration or miss configuration I am doing?我正在做一些额外的配置或错过配置吗?
Call to Authenticate打电话认证
var clientSecret = @"{My generated Secret in Azure}"; var clientId = @"{My Client Id}"; var tenantID = @"{My Tenant Id}"; IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder .Create(clientId) .WithTenantId(tenantID) .WithClientSecret(clientSecret) .Build(); ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication); return new GraphServiceClient(authenticationProvider);
My Calling Code to Send Email我的呼叫代码发送电子邮件
System.IO.MemoryStream ms = new System.IO.MemoryStream(); System.IO.StreamWriter writer = new System.IO.StreamWriter(ms); writer.Write(htmlDocument.Text); writer.Flush(); writer.Dispose(); MessageAttachmentsCollectionPage attachments = new MessageAttachmentsCollectionPage(); attachments.Add(new FileAttachment { ODataType = "#microsoft.graph.fileAttachment", ContentBytes = ms.ToArray(), ContentType = "text/html", ContentId = "testing", Name = "My_Report.html" }); var message = new Message { Subject = "My Report", Body = new ItemBody { ContentType = BodyType.Text, Content = "Here is your updated report from list" }, ToRecipients = new List<Recipient>() { new Recipient { EmailAddress = new EmailAddress { Address = "{End User to receive report}" } } }, CcRecipients = new List<Recipient>() { new Recipient { EmailAddress = new EmailAddress { Address = "{my admin email account}" } } }, From = new Recipient { EmailAddress = new EmailAddress { Address = "{my admin email account}" } }, Attachments = attachments }; var graphServiceClient = GetGraphServiceClient(); await graphServiceClient.Me .SendMail(message, null) .Request() .PostAsync();
You are using client credentials flow.您正在使用客户端凭据流。
When authenticating as an application (as opposed to with a user), you can't use delegated permissions - scopes that are granted by a user.当作为应用程序(而不是与用户)进行身份验证时,您不能使用委托权限 - 由用户授予的范围。 You must use application permissions, also known as roles, that are granted by an admin for the application or via pre-authorization by the web API.您必须使用应用程序权限(也称为角色),这些权限由应用程序管理员授予或通过 Web API 的预授权授予。
So you should give the app application permissions and grant admin consent in the portal.因此,您应该在门户中授予应用程序权限并授予管理员同意。
And modify the following code.并修改如下代码。
await graphClient.Users["your admin email account"]
.SendMail(message, null)
.Request()
.PostAsync();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.