azure-active-directory - 从 Azure AD Graph Education API 获取 Forbidden/Access Denied 错误
问题描述
我正在使用 Graph 教育 API,需要有关用户个人资料的所有信息。在响应/json 对象中出现以下错误 Forbidden AccessDenied 未提供必需的声明值。
public async Task<ActionResult> GetUserDetails()
{
List<User> listUser = new List<User>();
List<UserRole> userRole = new List<UserRole>();
string clientId = configuration.GetValue<string>("AzureAd:ClientId");
string clientSecret = configuration.GetValue<string>("AzureAd:ClientSecret");
//var email = User.Identity.Name;
//AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/LPExamDev.onmicrosoft.com/oauth2/token");
AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/LPExamStaging.onmicrosoft.com/oauth2/token");
ClientCredential creds = new ClientCredential(clientId, clientSecret);
AuthenticationResult authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com/", creds);
HttpClient http = new HttpClient();
string url = $"https://graph.microsoft.com/v1.0/education/users"; // Microsoft Education Graph
//string url = $"https://graph.microsoft.com/v1.0/users"; // Microsoft Graph // Working fine.
////string url = "https://graph.windows.net/LPExamStaging.onmicrosoft.com/users?api-version=1.6";
// Append the access token for the Graph API to the Authorization header of the request by using the Bearer scheme.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
HttpResponseMessage response = await http.SendAsync(request);
var json = await response.Content.ReadAsStringAsync();
var jsonResponse = response.ToString();
bool responseCode = response.IsSuccessStatusCode;
//ViewBag.userData = json;
//SaveAPIData(json);
if (responseCode)
{
SaveAPIData(json);
}
}
解决方案
您需要授予您的应用程序EduRoster.Read.All
权限,然后单击授予管理员同意按钮。
登录 azure 门户->单击 Azure Active Directory->单击应用注册(预览)->单击您的应用程序->单击 API 权限->添加权限->选择应用程序权限
然后单击授予管理员同意按钮。
您可以使用https://jwt.io/解码您的访问令牌,以检查您是否已经获得该权限。
推荐阅读
- elastic-stack - Kibana 7.10 仪表板向下钻取
- javascript - 使用 Selenium 和 Beautifulsoup 解析 JavaScript 输出
- javascript - 如何将 2 个 yaml 文件与变量依赖项合并?
- vscode-extensions - 如何在 VSCode 扩展中发出 POST 请求
- python - 初始化 TensorFlow 变量的问题
- reactjs - 在边缘旧版浏览器中,Highchart 世界地图渲染太慢
- azure - 使用来自不同来源的多个容器通过 Docker Compose 部署到 Azure App Service
- javascript - 监听器或单选按钮值更改 JQuery v3.5.1
- node.js - 如何使用 paypal orders api 指定收款人?
- php - 生成正确的 JSON 数组响应的问题