[英]Inviting users through Microsoft.Graph gives error
應該邀請用戶,然后用更多信息更新該用戶https://docs.microsoft.com/zh-cn/graph/api/invitation-post?view=graph-rest-1.0
資源
"Microsoft.Graph.Core"
信息
"Code: Unauthorized\r\nMessage: Insufficient privileges to perform requested operation by the application '00000003-0000-0000-c000-000000000000'. ControllerName=MSGraphInviteAPI, ActionName=CreateInvite, URL absolute path=/api/9cXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/invites\r\n\r\nInner error\r\n"
堆棧跟蹤
at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption)
at Web.Api.Infrastructure.Infrastructure.Repositories.AzureRepository.CreateUser(CreateUserCommand user) in C:\Users\SamPrecious\source\repos\Adept\src\adept-web-api\Web.Api.Infrastructure\Infrastructure\Repositories\AzureRepository.cs:line 166
SDK版本:netcoreapp2.2
“ Microsoft.Graph”版本=“ 1.13.0”“ Microsoft.Graph.Core”版本=“ 1.13.0”
IDE版本:VS Code-1.31.1 Vsiual Studio Enterprise 2017-4.7.03056
我有此方法(將創建GraphServiceClient的代碼移到該方法中以證明觀點),客戶端通過App注冊進行身份驗證(我獲得了訪問令牌),但是當運行Invite的代碼運行時,authenticationContext.AcquireTokenAsync再次觸發並我上面的堆棧跟蹤出現錯誤。 根據API文檔,客戶端應用程序具有User.Invite.All,User.ReadWrite.All,Directory.ReadWrite.All。
為什么將AppId在代碼中更改為以上消息中的代碼?
public async Task<string> CreateUser(CreateUserCommand user)
{
try
{
var clientCredential = new ClientCredential(_configuration["appId"], _configuration["secret"]);
var authenticationContext = new AuthenticationContext(_configuration["authority"]);
var authenticationResult = authenticationContext.AcquireTokenAsync("https://graph.microsoft.com", clientCredential).Result;
var delegateAuthProvider = new DelegateAuthenticationProvider((requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);
return Task.FromResult(0);
});
var con = new GraphServiceClient(delegateAuthProvider);
//invite user
Invitation invitation = new Invitation();
invitation.InvitedUserDisplayName = user.Name;
invitation.SendInvitationMessage = true;
invitation.InvitedUserEmailAddress = user.Email;
invitation.InviteRedirectUrl = "http://localhost";
var result = await con.Invitations.Request().AddAsync(invitation);
//update user
var aadUser = _connection.GetConnection().ActiveDirectoryUsers.GetById(result.Id);
var updateUser = result.InvitedUser;
updateUser.DisplayName = user.Name;
updateUser.Surname = user.Surname;
updateUser.Mail = user.Email;
updateUser.MobilePhone = user.Phone;
await con.Users[result.InvitedUser.Id].Request().UpdateAsync(updateUser);
return aadUser.UserPrincipalName;
}
catch (System.Exception)
{
throw;
}
}
CreateUserCommand:
public class CreateUserCommand
{
public string Name { get; set; }
public string Surname { get; set; }
public string Email { get; set; }
public string Phone { get; set; }
}
這是應用程序注冊的截圖
權限:
IConfiguration對象中的應用ID
委派權限僅在您在用戶上下文中調用API時才重要。
由於您使用的是客戶端憑據,因此沒有用戶。 僅應用程序權限適用,因此請在此處設置正確的權限。
另外,由於您具有異步功能,因此最好也等待令牌:
var authenticationResult = await authenticationContext.AcquireTokenAsync("https://graph.microsoft.com", clientCredential);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.