MsalServiceException：AADSTS500011：未找到名為 https://graph.microsoft.com/v1.0 的資源主體

Question

范圍值 = "https://graph.microsoft.com/.default" 或 "https://graph.microsoft.com/beta"

在 asp.net c# 中給出以下錯誤。

MsalServiceException：AADSTS500011：在名為“xxxxxxxx”的租戶中找不到名為https://graph.microsoft.com/v1.0的資源主體。 如果應用程序尚未由租戶的管理員安裝或租戶中的任何用戶未同意，則可能會發生這種情況。 您可能將身份驗證請求發送給了錯誤的租戶。

代碼：

string clientId = AppClientID;
        string clientSecret = Secret;
        string redirectUri =`enter code here` System.Configuration.ConfigurationManager.AppSettings["redirectUri"]; 
        string authority = "https://login.microsoftonline.com/" + tenantID;              
        string[] scopes = new string[] { "https://graph.microsoft.com/.default" };        
        //string[] scopes = new string[] { "https://graph.microsoft.com/beta/.default" };        
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithRedirectUri(redirectUri)
            .WithClientSecret(clientSecret)
            .WithAuthority(authority)
            .Build();
        AuthorizationCodeProvider auth = new AuthorizationCodeProvider(app, scopes);
        GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
        {           
            var authResult = app.AcquireTokenForClient(scopes).WithAuthority(authority, true).ExecuteAsync().Result.AccessToken.ToString();
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult);
        }));      
        var onlineMeeting = new OnlineMeeting
        {
            StartDateTime = DateTimeOffset.Parse("2021-07-12T21:30:34.2444915+00:00"),
            EndDateTime = DateTimeOffset.Parse("2021-07-12T22:00:34.2464912+00:00"),
            Subject = "My First MS Teams Meeting"
        };
        await graphServiceClient.Me.OnlineMeetings.Request().AddAsync(onlineMeeting);

Answer 1

1. 如果我將“范圍”設置為https://graph.microsoft.com/v1.0/.default ，您的問題可以重現，因此請確保將“范圍”設置為https://graph .microsoft.com/.default 。

2. 您不能在身份驗證代碼流中使用[AcquireTokenForClient][2]函數來獲取令牌。 它通常應用於客戶端憑據流。 此流程不需要用戶登錄，因此即使您使用此功能獲取令牌也是不正確的。 您可以解析要查看令牌，它沒有您在門戶中添加的權限。 對於身份驗證代碼流，您應該使用AcquireTokenByAuthorizationCode來獲取令牌，如Pamela所述。

使用AcquireTokenByAuthorizationCode獲取令牌並解析：

3.代碼：

            string clientId = "{clientId}";
            string clientSecret = "{clientSecret}";
            string redirectUri = "{redirectUri}";
            string authority = "https://login.microsoftonline.com/{tenant id}";
            string authorizationCode = "code";

            string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

            IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithRedirectUri(redirectUri)
                .WithClientSecret(clientSecret)
                .WithAuthority(authority)
                .Build();

            AuthorizationCodeProvider auth = new AuthorizationCodeProvider(app, scopes);

            GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {

                // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
                var authResult = await app.AcquireTokenByAuthorizationCode(scopes, authorizationCode).ExecuteAsync();

                // Add the access token in the Authorization header of the API request.
                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

            })
            );

            var onlineMeeting = new OnlineMeeting
            {
                StartDateTime = DateTimeOffset.Parse("2021-07-12T21:30:34.2444915+00:00"),
                EndDateTime = DateTimeOffset.Parse("2021-07-12T22:00:34.2464912+00:00"),
                Subject = "My First MS Teams Meeting"
            };

            await graphServiceClient.Me.OnlineMeetings.Request().AddAsync(onlineMeeting);