在研究了这个错误之后,最常见的解决方案是设置 API 的权限。但这已经完成,并已具有读取基本/完整配置文件的权限。Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
我已删除并重新添加了 API。
以下是我
AzureAuthenticationProvider
类中继承自IAuthenticationProvider
的代码:public class AzureAuthenticationProvider : IAuthenticationProvider
{
private string _azureDomain = "myDevDom.onmicrosoft.com";
public async Task AuthenticateRequestAsync(HttpRequestMessage request)
{
try
{
string clientId = "2b823c67-1b0d-4a10-a9e1-737142516f5q";
string clientSecret = "xxxxxx";
AuthenticationContext authContext = new AuthenticationContext("https://login.windows.net/" + _azureDomain + "/oauth2/token");
ClientCredential credentials = new ClientCredential(clientId, clientSecret);
AuthenticationResult authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com/", credentials);
request.Headers.Add("Authorization", "Bearer " + authResult.AccessToken);
}
catch (Exception ex)
{
}
}
}
我尝试将客户端密钥更改为无效的ID,它抛出了一个错误,因此客户端密钥是正确的。我还尝试验证访问令牌是否有效,通过更改访问令牌,同样返回错误。
上面的代码似乎正常工作。
以下是我尝试访问Azure AD的代码:
public async Task<IGraphServiceUsersCollectionPage> GetUsersByLastName(string lastname)
{
GraphServiceClient graphClient = new GraphServiceClient(new AzureAuthenticationProvider());
string filter = String.Format("startswith(surname, '{0}')", lastname);
IGraphServiceUsersCollectionPage users = await graphClient.Users.Request().Filter(filter).GetAsync(); //Fails on this line
return users;
}