带有多租户应用程序的 Azure AD B2B SSO,我收到类似 "Insufficient privileges to complete the operation." 的响应
Azure AD B2B SSO with a multi-tenant application, I'm getting a response like "Insufficient privileges to complete the operation."
我使用了以下权限:
public void Test()
{
try
{
string tenantId = User.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = "https://login.microsoftonline.com/{0}/common/oauth2/v2.0/token?scope=openid%20profile%20User.ReadWrite%20User.ReadBasic.All%20Sites.ReadWrite.All%20Contacts.ReadWrite%20People.Read%20Notes.ReadWrite.All%20Tasks.ReadWrite%20Mail.ReadWrite%20Files.ReadWrite.All%20Calendars.ReadWrite";
string graphResourceId = "https://graph.microsoft.com";
string clientId = "XXX-XXX-XXX-XXX";
string secret = "XXXXXXXXXXXXXXXXXXXXXXXX";
authority = String.Format(authority, tenantId);
AuthenticationContext authContext = new AuthenticationContext(authority);
var accessToken = authContext.AcquireTokenAsync(graphResourceId, new ClientCredential(clientId, secret)).Result.AccessToken;
var graphserviceClient = new GraphServiceClient(new DelegateAuthenticationProvider(requestMessage =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
return Task.FromResult(0);
}));
var _users = graphserviceClient.Users.Request().GetAsync().Result;
}
catch (Exception ex)
{
throw ex;
}
}
public async Task<IActionResult> Index()
{
string tenantId = User.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string ClientID = "xxx-xxx-xxx-xxx";
ActiveDirectoryClient adClient = new ActiveDirectoryClient(new Uri("https://graph.windows.net/" + tenantId), async () => await GetAppTokenAsync(tenantId).ConfigureAwait(true));
try
{
var naaaewuser = adClient.Users.ExecuteAsync().Result;
}
catch (Exception ex)
{
throw ex;
}
return View();
}
"code": "Authorization_RequestDenied"
"value": "Insufficient privileges to complete the operation."
任何人都可以帮助我如何获得未经“管理员同意”登录的组织的用户列表?另外,如果有其他选择,请告诉我。
谢谢
我得到了解决方案并获得了我组织的用户基本资料。解决方案:使用 AcquireTokenSilentAsync 方法获取访问令牌。更多详情
谢谢大家
我使用了以下权限:
public void Test()
{
try
{
string tenantId = User.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string authority = "https://login.microsoftonline.com/{0}/common/oauth2/v2.0/token?scope=openid%20profile%20User.ReadWrite%20User.ReadBasic.All%20Sites.ReadWrite.All%20Contacts.ReadWrite%20People.Read%20Notes.ReadWrite.All%20Tasks.ReadWrite%20Mail.ReadWrite%20Files.ReadWrite.All%20Calendars.ReadWrite";
string graphResourceId = "https://graph.microsoft.com";
string clientId = "XXX-XXX-XXX-XXX";
string secret = "XXXXXXXXXXXXXXXXXXXXXXXX";
authority = String.Format(authority, tenantId);
AuthenticationContext authContext = new AuthenticationContext(authority);
var accessToken = authContext.AcquireTokenAsync(graphResourceId, new ClientCredential(clientId, secret)).Result.AccessToken;
var graphserviceClient = new GraphServiceClient(new DelegateAuthenticationProvider(requestMessage =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
return Task.FromResult(0);
}));
var _users = graphserviceClient.Users.Request().GetAsync().Result;
}
catch (Exception ex)
{
throw ex;
}
}
public async Task<IActionResult> Index()
{
string tenantId = User.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string ClientID = "xxx-xxx-xxx-xxx";
ActiveDirectoryClient adClient = new ActiveDirectoryClient(new Uri("https://graph.windows.net/" + tenantId), async () => await GetAppTokenAsync(tenantId).ConfigureAwait(true));
try
{
var naaaewuser = adClient.Users.ExecuteAsync().Result;
}
catch (Exception ex)
{
throw ex;
}
return View();
}
"code": "Authorization_RequestDenied"
"value": "Insufficient privileges to complete the operation."
任何人都可以帮助我如何获得未经“管理员同意”登录的组织的用户列表?另外,如果有其他选择,请告诉我。
谢谢
我得到了解决方案并获得了我组织的用户基本资料。解决方案:使用 AcquireTokenSilentAsync 方法获取访问令牌。更多详情
谢谢大家