我正在开发Web应用程序,我需要通过编程将用户创建到我的Azure AD中。我正在使用Graph API。我有一个管理员帐户注册Azure AD,这是一个全局管理员,当我从此用户获取令牌并从中获取用户详细信息 https://graph.windows.net/me?api-version=1.6 API,它运行正常但是当我使用相同的令牌来使用https://graph.windows.net/ApplicationId/users?api-version=1.6 API来创建用户时,它会给我错误
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
以下是获取令牌的代码:
using (System.Net.Http.HttpClient client = new System.Net.Http.HttpClient())
{
var RequestParameter = new System.Collections.Generic.List<System.Collections.Generic.KeyValuePair<string, string>>();
RequestParameter.Add(new KeyValuePair<string, string>("resource", "https://graph.windows.net"));
RequestParameter.Add(new KeyValuePair<string, string>("grant_type", "password"));
RequestParameter.Add(new KeyValuePair<string, string>("client_id", "Client_Id"));
RequestParameter.Add(new KeyValuePair<string, string>("username", Email));
RequestParameter.Add(new KeyValuePair<string, string>("password", "******"));
var Request = new HttpRequestMessage(HttpMethod.Post, "https://login.windows.net/App_ID/oauth2/token") { Content = new FormUrlEncodedContent(RequestParameter) };
response = await client.SendAsync(Request);
}
var a = response.Content.ReadAsStringAsync().Result;
任何1可以建议吗? 感谢。