程序员经验分享-hwhale

从 Azure AD Graph Education API 获取“禁止/访问被拒绝”错误

2024-01-15

I am using Graph education API, want all information about the user profile. Getting below error in response/json objects Forbidden AccessDenied Required claim values are not provided.

public async Task<ActionResult> GetUserDetails()
        {
            List<User> listUser = new List<User>();
            List<UserRole> userRole = new List<UserRole>();


            string clientId = configuration.GetValue<string>("AzureAd:ClientId");
            string clientSecret = configuration.GetValue<string>("AzureAd:ClientSecret");


            //var email = User.Identity.Name;

            //AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/LPExamDev.onmicrosoft.com/oauth2/token");
            AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/LPExamStaging.onmicrosoft.com/oauth2/token");
            ClientCredential creds = new ClientCredential(clientId, clientSecret);
            AuthenticationResult authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com/", creds);

            HttpClient http = new HttpClient();            
            string url = $"https://graph.microsoft.com/v1.0/education/users";  // Microsoft Education Graph

            //string url = $"https://graph.microsoft.com/v1.0/users"; // Microsoft Graph // Working fine.
            ////string url = "https://graph.windows.net/LPExamStaging.onmicrosoft.com/users?api-version=1.6"; 

            // Append the access token for the Graph API to the Authorization header of the request by using the Bearer scheme.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
            HttpResponseMessage response = await http.SendAsync(request);
            var json = await response.Content.ReadAsStringAsync();
            var jsonResponse = response.ToString();
            bool responseCode = response.IsSuccessStatusCode;
            //ViewBag.userData = json;

            //SaveAPIData(json);


            if (responseCode)
            {
                SaveAPIData(json);
            }
       }

您需要批准您的申请EduRoster.Read.All权限并单击授予管理员同意按钮。

登录azure门户->单击Azure Active Directory->单击应用程序注册(预览)->单击您的应用程序->单击API权限->添加权限->选择应用程序权限

然后单击授予管理员同意按钮。

You can decoded your access token by using https://jwt.io/ https://jwt.io/ to check if you have already got that permission. enter image description here

本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)

azureactivedirectory

azureadgraphapi

从 Azure AD Graph Education API 获取“禁止/访问被拒绝”错误 的相关文章

随机推荐

热门标签