gpt4 book ai didi

asp.net - 获取成员组 “Insufficient privileges to complete the operation”

转载 作者:行者123 更新时间:2023-12-02 08:05:44 26 4
gpt4 key购买 nike

我编写了一个应该读取用户组的应用程序。我正在使用 Asp.net 核心。我在 Azure 门户中创建了一个应用程序,并授予 GraphAPI 的所有应用程序权限,然后单击“授予权限”按钮。然后我使用了一些类似于 WebApp-GroupClaims-DotNet 的代码检索用户组:

public async Task<IEnumerable<string>> GetGroupIdsFromGraphApiAsync(string userId)
{
var groupObjectIds = new List<string>();

// Acquire the Access Token
var credential = new ClientCredential(_configHelper.ClientId, _configHelper.AppKey);
var authContext = new AuthenticationContext(_configHelper.Authority);
var result = await authContext.AcquireTokenAsync(_configHelper.GraphResourceId, credential);
var accessToken = result.AccessToken;

var requestUrl =
$"{_configHelper.GraphResourceId}/{_configHelper.Domain}/users/{userId}/getMemberGroups?api-version=1.6";

// Prepare and Make the POST request
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, requestUrl);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var content = new StringContent("{\"securityEnabledOnly\":false}");
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
request.Content = content;
var response = await client.SendAsync(request);

// Endpoint returns JSON with an array of Group ObjectIDs
if (response.IsSuccessStatusCode)
{
var responseContent = await response.Content.ReadAsStringAsync();
var groupsResult = (Json.Decode(responseContent)).value;

foreach (string groupObjectId in groupsResult)
groupObjectIds.Add(groupObjectId);
}
else
{
var responseContent = await response.Content.ReadAsStringAsync();
throw new WebException(responseContent);
}

return groupObjectIds;
}

不幸的是,我总是收到以下回复:

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}

应用程序是否无法向 AD 查询此信息?

最佳答案

根据您的代码,您正在进行Azure ad graph api调用,然后您需要授予Windows Azure Active Directory(azure ad graph api)的权限。

https://graph.windows.net是 Azure AD Graph APi 的端点,在 azure 门户中,名称为 Windows Azure Active Directoryhttps://graph.microsoft.com是 Microsoft Graph api 的端点,在 Azure 门户中,名称为 Microsoft Graph

关于asp.net - 获取成员组 “Insufficient privileges to complete the operation”,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44516134/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com