我正在尝试获取一个简单的ADAL样本,以获取用户在AAD中所属的组。我已添加AAD和Office Graph的所有权限: Permissions
我一直收到以下错误:
"没有足够的权限来完成操作。"
我可以在其他线程中看到有相同错误的人,但因为他们没有设置图表权限。
代码:
public static async Task<string> AcquireTokenAsync()
{
if (TokenForApplication == null)
{
Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext("https://login.microsoftonline.com/thomaseg.onmicrosoft.com", false);
ClientCredential clientCred = new ClientCredential(Constants.ClientId,
Constants.AppKey);
AuthenticationResult authenticationResult =
await authenticationContext.AcquireTokenAsync("https://graph.windows.net",
clientCred);
TokenForApplication = authenticationResult.AccessToken;
}
return TokenForApplication;
}
/// <summary>
/// Get Active Directory Client for Application.
/// </summary>
/// <returns>ActiveDirectoryClient for Application.</returns>
public static ActiveDirectoryClient GetActiveDirectoryClient()
{
Uri baseServiceUri = new Uri("https://graph.windows.net/thomaseg.onmicrosoft.com");
ActiveDirectoryClient activeDirectoryClient =
new ActiveDirectoryClient(baseServiceUri,
async () => await AcquireTokenAsync());
return activeDirectoryClient;
}
答案 0 :(得分:1)
当您请求用户登录时,需要添加此参数prompt=admin_consent。
这是Startup.Auth.cs
RedirectToIdentityProvider = context =>
{
context.ProtocolMessage.Prompt = "admin_consent";
return Task.FromResult(0);
},