403 Forbidden when retrieving all users from Azure AD using Graph API

When trying to get all users using the Graph API, I get a 403 Forbidden response from Azure AD:

    using System.Configuration;
    using System.Linq;
    using System.Net.Http;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Linq;

    // Acquires an app-only access token for Microsoft Graph (client credentials flow).
    public static async Task<string> AppAuthenticationAsync()
    {
        var tenant = ConfigurationManager.AppSettings["ida:TenantId"];
        var resource = "https://graph.microsoft.com/";
        var clientID = ConfigurationManager.AppSettings["ida:ClientId"];
        var secret = ConfigurationManager.AppSettings["ida:AppKey"];
        var authority = $"https://login.microsoftonline.com/{tenant}";
        var authContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(authority);
        var credentials = new ClientCredential(clientID, secret);
        var authResult = await authContext.AcquireTokenAsync(resource, credentials);
        return authResult.AccessToken;
    }

    // Calls GET /v1.0/users and returns the display name of each user.
    public static async Task<string[]> GetUsersListAsync(HttpClient client)
    {
        var payload = await client.GetStringAsync("https://graph.microsoft.com/v1.0/users");
        var obj = JsonConvert.DeserializeObject<JObject>(payload);
        var users = from g in obj["value"]
                    select g["displayName"].Value<string>();
        return users.ToArray();
    }

Below is the code used in my controller to get the result:

    // Send the app-only token as a Bearer credential on the Graph request.
    var token = await AppAuthenticationAsync();
    using (var client = new HttpClient())
    {
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
        var users = await GetUsersListAsync(client);
        lstADUsers = users.ToList();
    }

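The client registered in Azure AD has all of the following permissions:
Am I missing something?

You have granted delegated permissions, but are calling the API with client credentials.
Give the app application permissions for the API, and you will be able to call it. Delegated permissions only apply when you make calls on behalf of a user.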
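
One way to confirm this diagnosis, as an added example that is not part of the original question or answer: decode the access token returned by AppAuthenticationAsync and check its claims, since application permissions appear in the `roles` claim while delegated permissions appear in `scp`. The class and method names, the constructed sample payloads, and the choice of `User.Read.All` as the application permission to look for are assumptions.

```csharp
using System;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;

public static class TokenPermissionCheck
{
    // Decodes the payload (middle segment) of a JWT. No signature validation:
    // this is for diagnosing your own token, not for trusting its contents.
    public static JObject DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length < 2) throw new ArgumentException("Not a JWT", nameof(jwt));
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Application permissions appear in "roles"; delegated ones in "scp".
    public static string Diagnose(string jwt, string requiredRole)
    {
        var claims = DecodePayload(jwt);
        var roles = (claims["roles"] as JArray)?.Select(r => (string)r).ToArray()
                    ?? new string[0];
        var scp = (string)claims["scp"];
        if (roles.Contains(requiredRole))
            return "OK: app-only token carries " + requiredRole;
        if (scp != null)
            return "Delegated token (scp=" + scp + "), not an app-only token";
        return "App-only token without " + requiredRole + " in roles: expect 403";
    }

    public static void Main()
    {
        // Constructed sample payloads (unsigned), not real tokens.
        Func<string, string> fake = json => "e30." +
            Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
                .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".";
        // Token issued while only delegated permissions were granted: no roles claim.
        Console.WriteLine(Diagnose(
            fake("{\"aud\":\"https://graph.microsoft.com\"}"), "User.Read.All"));
        // Token issued after the application permission was granted and consented.
        Console.WriteLine(Diagnose(
            fake("{\"roles\":[\"User.Read.All\"]}"), "User.Read.All"));
    }
}
```

Passing the string returned by AppAuthenticationAsync to `Diagnose` before calling Graph shows whether the 403 comes from a missing application permission rather than from the request itself.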