Microsoft Graph API as WEB API application

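I have been banging my head on this for a while now. I want to develop a Web API that will be used in my Angular app. The purpose of the API is to create/delete Microsoft Teams using the Graph API.

I have an Azure application with the appropriate permissions. Below is my code, which keeps giving me a 403 error.

Can anyone help me? Also, do I have to request permissions for the options below in order to access the Graph API without user interaction (such as a login pop-up)?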

    using System;
    using System.Linq;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Microsoft.Identity.Client;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Linq;

    // Confidential client: application (client) ID, tenant ID and client secret
    IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
        .Create("d78eaba6-12fe-8139")
        .WithTenantId("fd49ee20-51a4-d930e2db05de")
        .WithClientSecret("WTeN7A7-oeOfi~c9gF..")
        .Build();

    // ".default" requests the application permissions already granted to the app
    var scopes = new string[] { "https://graph.microsoft.com/.default" };

    // Client credentials flow: app-only token, no user interaction
    var authResult = await confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync();
    string token = authResult.AccessToken;

    await CallWebApiAndProcessResultASync("GET", "https://graph.microsoft.com/v1.0/users", token, null, Display);

    public static async Task CallWebApiAndProcessResultASync(string method, string webApiUrl, string accessToken, StringContent postValue, Action<JObject> processResult)
    {
        string request = string.Empty;
        if (!string.IsNullOrEmpty(accessToken))
        {
            using (HttpClient httpClient = new HttpClient())
            {
                var defaultRequestHeaders = httpClient.DefaultRequestHeaders;
                if (defaultRequestHeaders.Accept == null || !defaultRequestHeaders.Accept.Any(m => m.MediaType == "application/json"))
                {
                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                }
                defaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

                using (HttpRequestMessage httpRequestMessage = new HttpRequestMessage(new HttpMethod(method), webApiUrl) { Content = postValue })
                {
                    // Await the call instead of blocking on .Result inside an async method
                    var response = await httpClient.SendAsync(httpRequestMessage);
                    if (response.IsSuccessStatusCode)
                    {
                        string json = await response.Content.ReadAsStringAsync();
                        JObject result = JsonConvert.DeserializeObject(json) as JObject;
                        Console.ForegroundColor = ConsoleColor.Gray;
                        processResult(result);
                    }
                    else
                    {
                        Console.ForegroundColor = ConsoleColor.Red;
                        Console.WriteLine($"Failed to call the Web Api: {response.StatusCode}");
                        string content = await response.Content.ReadAsStringAsync();

                        // Note that if you got response.Code == 403 and response.content.code == "Authorization_RequestDenied"
                        // this is because the tenant admin has not granted consent for the application to call the Web API
                        Console.WriteLine($"Content: {content}");
                    }
                }

                Console.ResetColor();
            }
        }
    }

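Yes, if you don't need user interaction, you only need to grant application permissions to your app and grant admin consent for the permissions you added. If you need to call the MS Graph API to create/delete Microsoft Teams, grant your application the Directory.ReadWrite.All permission.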
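
A diagnostic sketch for the answer above, added here and not part of the original question or answer: an app-only token from AcquireTokenForClient lists the application permissions that have admin consent in its "roles" claim, so decoding the payload shows whether the permission the call needs is actually in the token. The class and method names and the sample tokens are constructed for illustration; the signature is not validated, so this is for troubleshooting only.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class AppOnlyTokenCheck
{
    // Decode the payload (second segment) of a JWT without validating the signature.
    // Troubleshooting only: never base a trust decision on an unvalidated token.
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // Consented application permissions appear in "roles"; delegated ones would be in "scp".
    public static string[] GrantedRoles(JsonElement payload) =>
        payload.TryGetProperty("roles", out JsonElement roles) && roles.ValueKind == JsonValueKind.Array
            ? roles.EnumerateArray().Select(r => r.GetString() ?? "").ToArray()
            : Array.Empty<string>();

    public static bool HasRole(string jwt, string required) =>
        GrantedRoles(DecodePayload(jwt)).Contains(required, StringComparer.Ordinal);

    // Helper used only to build the constructed sample tokens below.
    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample tokens (fake header and signature), not real ones.
        string header = B64Url("{\"alg\":\"none\"}");
        string consented = header + "." + B64Url("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Directory.ReadWrite.All\"]}") + ".sig";
        string unconsented = header + "." + B64Url("{\"aud\":\"https://graph.microsoft.com\"}") + ".sig";

        foreach (var (name, token) in new[] { ("consented", consented), ("unconsented", unconsented) })
        {
            bool ok = HasRole(token, "Directory.ReadWrite.All");
            Console.WriteLine($"{name}: Directory.ReadWrite.All {(ok ? "present" : "missing from roles claim")}");
        }
    }
}
```

In the question's code, the same check would be run on authResult.AccessToken right after ExecuteAsync() returns.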