New Microsoft Graph API - app-only access

Time: 2015-11-27 07:28:18

Tags: office365 office365-restapi microsoft-graph

I want to read the calendars of several users. So I need app-only access (because the application needs more rights than the signed-in user).

With the "old" API this works by following these instructions: https://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365

With the new Microsoft Graph API this doesn't seem to work. Is there a way to make it work? I'd like to use the Microsoft Graph API for all the Office 365 API functions my application needs.

Thanks in advance!

(Edit: error message included.)


    Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature. Trace ID: 718db531-d789-4b45-ae9d-c2e53f3786fd Correlation ID: 6a157ae5-7dc3-4470-81c0-f410e14f9c04 Timestamp: 2015-11-27 12:40:33Z ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

I granted full delegated and full application permissions. This is the token I get:

    {"token_type":"Bearer","expires_in":"3599","scope":"Calendars.Read Calendars.ReadWrite Contacts.Read Contacts.ReadWrite Directory.AccessAsUser.All Directory.Read Directory.Read.All Directory.ReadWrite.All Directory.Write Files.Read Files.Read.All Files.Read.Selected Files.ReadWrite Files.ReadWrite.All Files.ReadWrite.AppFolder Files.ReadWrite.Selected full_access_as_user Group.Read.All Group.ReadWrite.All Mail.Read Mail.ReadWrite Mail.Send Notes.Create Notes.Read Notes.Read.All Notes.ReadWrite Notes.ReadWrite.All Notes.ReadWrite.CreatedByApp offline_access openid People.Read People.ReadWrite Sites.Read.All Tasks.ReadWrite User.Read User.Read.All User.ReadBasic.All User.ReadWrite User.ReadWrite.All user_impersonation","expires_on":"1448974661","not_before":"1448970761","resource":"https://graph.microsoft.com/","pwd_exp":"582983","pwd_url":"https://portal.microsoftonline.com/ChangePassword.aspx","access_token":"eyJ---------zQXg","refresh_token":"AAABAA--------pYSAA","id_token":"eyJ0eXAi-------4wIn0."}

I'm not allowed to read any calendar other than my own.

Edit: I can't get an app token... Here is my code (the app token worked before, when I wasn't using the new Graph API):

        using System.Security.Cryptography.X509Certificates;
        using System.Threading.Tasks;
        using Microsoft.IdentityModel.Clients.ActiveDirectory;

        // Client-credential (app-only) tokens need a tenant-specific authority, not "common".
        string authority = appConfig["AuthorizationUri"].Replace("common", appConfig["ida:TenantId"]);
        AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
        string certfile = appConfig["o365_CertPath"];

        // Load the PFX that contains the private key; MachineKeySet lets a service/app-pool identity use it.
        X509Certificate2 cert = new X509Certificate2(certfile,
                                                    appConfig["o365_CertPassword"], // password for the cert file containing private key
                                                    X509KeyStorageFlags.MachineKeySet);

        // ADAL signs a JWT client assertion with this certificate; Azure AD verifies the signature
        // against the public key registered in the app manifest (keyCredentials).
        ClientAssertionCertificate cac = new ClientAssertionCertificate(appConfig["ida:ClientId"], cert);

        // The resource requested here is the Outlook REST API; for Microsoft Graph request "https://graph.microsoft.com".
        AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync("https://outlook.office365.com", cac);
        this.currentAccessToken = authenticationResult.AccessToken;

I tried different endpoints with AcquireTokenAsync. I always get the error message:

    {"AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature.\r\nTrace ID: 6fe2a6bd-77d3-47a8-83d4-e10aea69b88a\r\nCorrelation ID: 53071578-1c16-4c17-8f77-fc5821c18d4b\r\nTimestamp: 2015-12-02 08:05:25Z"}

Thanks again

1 answer:

Answer 0 (score: 0)

I had a similar issue. I was using Create-SelfSignedCertificate.ps1 from the PnP site. I switched to using Makecert and everything worked. Basically follow Richard's exact instructions: http://blogs.msdn.com/b/richard_dizeregas_blog/archive/2015/05/03/performing-app-only-operations-on-sharepoint-online-through-azure-ad.aspx
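The following is an added example, not the asker's code or the answerer's, showing the complete app-only flow against Microsoft Graph that the question asks for: print the two values Azure AD expects in the app manifest's keyCredentials entry for the certificate, acquire a client-credential token with ADAL's ClientAssertionCertificate, confirm the token really is app-only, and read another user's calendar. It assumes ADAL 2.x/3.x (Microsoft.IdentityModel.Clients.ActiveDirectory) is referenced, that the app has been granted the Microsoft Graph application permission Calendars.Read with admin consent, and that the tenant, client id, PFX path and user principal name are placeholders to replace. AADSTS50012 means Azure AD could not verify the assertion's signature with any certificate in keyCredentials, so the manifest check is the first thing to compare when that error appears; the token pasted in the question carries delegated scopes ("scope"/"scp"), which is a user token, whereas an app-only token carries a "roles" claim.

```csharp
// Added example (not code from the original post). Assumptions: ADAL 2.x/3.x referenced,
// Graph application permission Calendars.Read granted with admin consent, placeholders below replaced.
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

class GraphAppOnlyExample
{
    // Placeholders (assumptions): your tenant, your app's client id, your certificate.
    const string TenantId = "contoso.onmicrosoft.com";
    const string ClientId = "00000000-0000-0000-0000-000000000000";
    const string PfxPath = @"C:\certs\graph-app.pfx";
    const string PfxPassword = "pfx-password";
    const string GraphResource = "https://graph.microsoft.com";

    // Azure AD verifies the client assertion's signature against the certificates listed in
    // keyCredentials of the app manifest. These are the two values that entry must contain;
    // compare them with the manifest when you see AADSTS50012.
    static void PrintKeyCredentialValues(X509Certificate2 cert)
    {
        string value = Convert.ToBase64String(cert.GetRawCertData()); // "value": base64 DER of the public cert
        string keyId = Convert.ToBase64String(cert.GetCertHash());    // "customKeyIdentifier": base64 SHA-1 thumbprint
        Console.WriteLine("keyCredentials.value:               " + value);
        Console.WriteLine("keyCredentials.customKeyIdentifier: " + keyId);
        Console.WriteLine("Thumbprint (hex):                   " + cert.Thumbprint);
    }

    // Client-credential flow: ADAL builds a JWT signed with the certificate's private key
    // and exchanges it for an access token. The authority must be tenant-specific.
    static async Task<string> AcquireAppOnlyTokenAsync(X509Certificate2 cert)
    {
        var ctx = new AuthenticationContext("https://login.microsoftonline.com/" + TenantId, false);
        var assertion = new ClientAssertionCertificate(ClientId, cert);
        AuthenticationResult result = await ctx.AcquireTokenAsync(GraphResource, assertion);
        return result.AccessToken;
    }

    // App-only tokens carry a "roles" claim (application permissions); a token with "scp"
    // is a delegated user token and can only see what that user can see.
    static bool IsAppOnlyToken(string jwt)
    {
        string payload = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        payload = payload.PadRight(payload.Length + (4 - payload.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(payload));
        return json.Contains("\"roles\"") && !json.Contains("\"scp\"");
    }

    // Reads another user's calendar; with Calendars.Read (application) this works for any user in the tenant.
    static async Task<string> GetCalendarViewAsync(string token, string userPrincipalName, DateTime fromUtc, DateTime toUtc)
    {
        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
            string url = string.Format(
                "https://graph.microsoft.com/v1.0/users/{0}/calendarView?startDateTime={1:o}&endDateTime={2:o}",
                Uri.EscapeDataString(userPrincipalName), fromUtc, toUtc);
            HttpResponseMessage resp = await http.GetAsync(url);
            resp.EnsureSuccessStatusCode();
            return await resp.Content.ReadAsStringAsync();
        }
    }

    static void Main()
    {
        var cert = new X509Certificate2(PfxPath, PfxPassword, X509KeyStorageFlags.MachineKeySet);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("The PFX must contain the private key used to sign the client assertion.");

        PrintKeyCredentialValues(cert);

        string token = AcquireAppOnlyTokenAsync(cert).GetAwaiter().GetResult();
        if (!IsAppOnlyToken(token))
            throw new InvalidOperationException("Got a delegated token, not an app-only token; check the permission type in the app registration.");

        DateTime now = DateTime.UtcNow;
        string json = GetCalendarViewAsync(token, "someone@contoso.onmicrosoft.com", now, now.AddDays(7)).GetAwaiter().GetResult();
        Console.WriteLine(json);
    }
}
```

If PrintKeyCredentialValues shows a customKeyIdentifier that differs from the one in the manifest, the app is signing with a certificate Azure AD has never seen, which is exactly the situation the "invalid signature" error describes, regardless of which tool generated the certificate.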