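I am using ActiveDirectoryClient to call the AD Graph API, and I found that on my local machine it throws System.Data.Services.Client.DataServiceQueryException (wrapped in an Exception), whereas on one of our deployed services it throws Microsoft.Data.OData.ODataErrorException instead.
I could not find any documentation on which exceptions ActiveDirectoryClient is supposed to throw, or on how we should handle exceptions given this unstable behavior.
I looked at the decompiled code, and it looks like this is caused by a namespace conflict between System.Data.Services.Client and Microsoft.Data.Services.Client, but I am not one hundred percent sure.
Can anyone help me understand which type of exception ActiveDirectoryClient is supposed to throw, and why it throws different types of exceptions depending on the environment?
Here are sample stack traces for the two: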
Microsoft.Data.OData.ODataErrorException: Insufficient privileges to complete the operation. ---> System.Data.Services.Client.DataServiceQueryException: An error occurred while processing this request. ---> System.Data.Services.Client.DataServiceClientException: {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}
at System.Data.Services.Client.BaseAsyncResult.EndExecute[T](Object source, String method, IAsyncResult asyncResult)
at System.Data.Services.Client.QueryResult.EndExecuteQuery[TElement](Object source, String method, IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Data.Services.Client.QueryResult.EndExecuteQuery[TElement](Object source, String method, IAsyncResult asyncResult)
at System.Data.Services.Client.DataServiceRequest.EndExecute[TElement](Object source, DataServiceContext context, String method, IAsyncResult asyncResult)
at System.Data.Services.Client.DataServiceQuery`1.EndExecute(IAsyncResult asyncResult)
at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.DataServiceContextWrapper.<>c__DisplayClass4c`2.<ExecuteAsync>b__4a(IAsyncResult r)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
VS
System.Data.Services.Client.DataServiceQueryException: An error occurred while processing this request. ---> System.Data.Services.Client.DataServiceClientException: {"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"babeee64-a5b1-4b37-9124-a3e18cc304fb","date":"2018-06-12T04:22:53"}}
at System.Data.Services.Client.BaseAsyncResult.EndExecute[T](Object source, String method, IAsyncResult asyncResult)
at System.Data.Services.Client.QueryResult.EndExecuteQuery[TElement](Object source, String method, IAsyncResult asyncResult)
--- End of inner exception stack trace ---
at System.Data.Services.Client.QueryResult.EndExecuteQuery[TElement](Object source, String method, IAsyncResult asyncResult)
at System.Data.Services.Client.DataServiceRequest.EndExecute[TElement](Object source, DataServiceContext context, String method, IAsyncResult asyncResult)
at System.Data.Services.Client.DataServiceQuery`1.EndExecute(IAsyncResult asyncResult)
at Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.DataServiceContextWrapper.<>c__DisplayClass4c`2.<ExecuteAsync>b__4a(IAsyncResult r)
Answer 0 (score: 0)
There is a very clear message in both of your exceptions:
{"lang":"en","value":"Insufficient privileges to complete the operation."}
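You do not have sufficient privileges to complete the operation. So consult the Graph API for the operation you are trying to complete, which privileges it requires, and whether you have granted those privileges to your application.
Also note that if you are using only the client credentials flow, you will not be able to delete any objects from the directory. Applications (service principals) are not allowed to delete anything. You can overcome this too, but you do not want to. The way to make an application able to delete objects is to make it a Company Administrator. That means anyone who obtains the client credentials (client_id, client_secret) gets full control over Azure AD. You do not want that.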
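Both traces in the question carry the same `odata.error` JSON body at the bottom of the chain, so a handler can key on that body instead of the outer exception type. The following is an added example, not part of the original post or of the GraphClient library: `GraphErrorInspector` is a hypothetical helper, it assumes `System.Text.Json` is available, and the exceptions in `Main` are constructed stand-ins for the two chains.

```csharp
using System;
using System.Text.Json;

// Added example: GraphErrorInspector is a hypothetical helper, not a GraphClient type.
public static class GraphErrorInspector
{
    // Returns the odata.error code found anywhere in the exception chain, or null.
    public static string FindODataErrorCode(Exception ex)
    {
        if (ex == null) return null;
        string code = TryReadCode(ex.Message);
        if (code != null) return code;
        if (ex is AggregateException aggregate)   // async calls may surface this wrapper
        {
            foreach (Exception inner in aggregate.InnerExceptions)
            {
                code = FindODataErrorCode(inner);
                if (code != null) return code;
            }
            return null;
        }
        return FindODataErrorCode(ex.InnerException);
    }

    // Parses a message as JSON and reads odata.error.code; null if it is not that shape.
    private static string TryReadCode(string message)
    {
        if (string.IsNullOrEmpty(message)
            || !message.TrimStart().StartsWith("{", StringComparison.Ordinal)) return null;
        try
        {
            using (JsonDocument doc = JsonDocument.Parse(message))
            {
                return doc.RootElement.TryGetProperty("odata.error", out JsonElement error)
                    && error.ValueKind == JsonValueKind.Object
                    && error.TryGetProperty("code", out JsonElement c)
                    && c.ValueKind == JsonValueKind.String ? c.GetString() : null;
            }
        }
        catch (JsonException) { return null; }   // message was not valid JSON
    }

    public static void Main()
    {
        // Constructed stand-ins for the two chains in the question (plain Exception types).
        string body = @"{""odata.error"":{""code"":""Authorization_RequestDenied""}}";
        var local = new Exception("An error occurred while processing this request.", new Exception(body));
        var deployed = new Exception("Insufficient privileges to complete the operation.", local);
        Console.WriteLine(FindODataErrorCode(local) + " / " + FindODataErrorCode(deployed));
    }
}
```

A caller can catch `Exception` around the Graph call, treat a returned code of `Authorization_RequestDenied` as an authorization failure, and rethrow when the helper returns null.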