Background Information.
I would like my ASP.NET web application to use the MS Identity platform to authenicate users... and allow them to see their own profile. This part of my code is working. I also have a function that allows the end user to pick an file from their local computer and upload to SP via upload session via MS Graph. This is also currently working
The security configuration I have under "API Permissions" for my Azure Application registration is as follows:
But now I would like to have the application itself do the file upload. So I change the security settings to look like this:
When I try to upload, I get an access denied error message returned
I also added "Files.ReadWrite.All" for the application, but that didn't work either. Can someone point me in the right direction? Do i have to create a separate graphClient just for the application to the upload?
EDIT 1
I'm wondering if this is relevant:
Does anyone know what the OP means when he says
Our application is registered to have access at target site collection with permission role "WRITE"
Or maybe a better question is how do you do this?
After assign the application type api permission to your azure ad app, you need to use ClientCredentialFlow
to generate the access token and used it to call the api.
Then you can use the access token to send http request directly. It's an division part so it should work in your scenario.
using Azure.Identity;
using Microsoft.Identity.Client;
IConfidentialClientApplication app;
app = ConfidentialClientApplicationBuilder.Create("azure_ad_app_client_id")
.WithClientSecret("client_secret")
.WithAuthority(new Uri("https://login.microsoftonline.com/your_tanent_name.onmicrosoft.com"))
.Build();
AuthenticationResult result = null;
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
result = await app.AcquireTokenForClient(scopes)
.ExecuteAsync();
string accesstoken = result.AccessToken;
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.