[英]Get user mail from o365 using graph sdk in a console app
我想在没有用户交互的情况下从 .net 控制台应用程序读取用户邮件。 我想让应用程序访问只读选定的用户邮件,而不是作为可以阅读所有用户邮件的全局管理员。 我想使用 .net Microsoft.Graph 库而不是原始 REST 接口。 我想我需要或多或少的分步说明,这有七种可能
我创建了一个新的应用程序注册和一个客户密码
该代码只是我尝试过的众多代码之一,但我真的找不到任何可以做我想做的事情。
var tenantId = "domain123.onmicrosoft.com";
var client_Id = "1234567789";
var client_Secret = "123243456777";
var scopes = new[] { "https://graph.microsoft.com/.default" };
// Configure app builder
var authority = $"https://login.microsoftonline.com/{tenantId}";
var app = ConfidentialClientApplicationBuilder
.Create(client_Id)
.WithClientSecret(client_Secret)
.WithAuthority(new Uri(authority))
.WithLogging(MyLoggingMethod, LogLevel.Verbose,
enablePiiLogging: true,
enableDefaultPlatformLogging: true)
.Build();
// Acquire tokens for Graph API
var authenticationResult = await app.AcquireTokenForClient(scopes).ExecuteAsync();
// Create GraphClient and attach auth header to all request (acquired on previous step)
var graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(requestMessage =>
{
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);
return Task.FromResult(0);
}));
// Call Graph API
var user = await graphClient.Users["user123@domain123.onmicrosoft.com"].Messages.Request().GetAsync();
代码:NoPermissionsInAccessToken 消息:令牌不包含权限,或者权限无法被理解。
内在错误
我可以建议您使用提供的其中一个,而不是尝试推出您自己的 DelegateAuthenticationProvider 吗? 例如
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.WithClientSecret(clientSecret)
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authProvider);
Docs: https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#ClientCredentialsProvider Nuget: https://www.nuget.org/packages/Microsoft.Graph.Auth /1.0.0-preview.1
我之前确实成功地尝试过这个,但是由于不推荐对 UsernamePasswordProvider 的评论,我希望有一个更好的解决方案。
为了让它工作,我做了以下步骤
这真的是做我想做的最好的方法吗?
static async Task Main(string[] args)
{
var GraphClient = CreateGraphClient();
User me = await GraphClient.Me.Request()
.WithUsernamePassword("user123@domain123.onmicrosoft.com", new NetworkCredential("", "MyPassword").SecurePassword)
.GetAsync();
Console.WriteLine("OK:" + me.DisplayName);
Console.ReadLine();
}
public static GraphServiceClient CreateGraphClient()
{
string clientId = "1234567-1234-1234-12345-1234567890";
string tenantID = "domain123.onmicrosoft.com";
IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.Build();
UsernamePasswordProvider authProvider = new UsernamePasswordProvider(publicClientApplication, null);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
return graphClient;
}
另一种解决方案可能是获得应用程序权限,然后使用 PowerShell new-applicationaccesspolicy https://docs.microsoft.com/en-us/powershell/module/exchange/organization/new-applicationaccesspolicy?view=exchange-ps设置访问策略那个我还没试过,有谁知道这有帮助吗?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.