使用Microsoft Graph API更新Azure AD应用程序密钥或机密-BadRequest错误

时间:2018-11-19 23:36:53

标签: azure azure-active-directory microsoft-graph beta

我正在尝试使用Microsoft Graph API beta端点针对应用程序资源类型修补应用程序的密码凭据。

https://graph.microsoft.com/beta/applications/{applicationId}

content变量是类似这样的JSON序列化表示形式:

[{
"customKeyIdentifier":null,
"endDateTime":"2019-11-19T23:16:24.2602448Z",
"keyId":"47fde652-8b60-4384-b630-8e5f8f6e24b1",
"startDateTime":"2018-11-19T23:16:24.2602448Z",
"secretText":"SomeGeneratedPassword",
"hint":null
}]

呼叫代码是这样:

using (HttpClient client = new HttpClient())
            {
                client.BaseAddress = new Uri("https://graph.microsoft.com");
                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authHeaderValue.Result.AccessToken);
                client.DefaultRequestHeaders
                    .Accept
                    .Add(new MediaTypeWithQualityHeaderValue("application/json"));

                var method = new HttpMethod("PATCH");
                var requestUri = $"https://graph.microsoft.com/beta/applications/{applicationId}";
                var content = GeneratePasswordCredentials(passwordHint);
                var request = new HttpRequestMessage(method, requestUri)
                {
                    Content = new StringContent(
                        content,
                        System.Text.Encoding.UTF8,
                        "application/json")
                };
                request.Headers
                    .Accept
                    .Add(new MediaTypeWithQualityHeaderValue("application/json"));
                var resultApi = await client.SendAsync(request);
                response = await resultApi.Content.ReadAsStringAsync();
            }

Auth似乎工作正常,但响应是这样的(为简洁起见,删除了内部错误):

{
  "error": {
    "code": "BadRequest",
    "message": "Empty Payload. JSON content expected.",
  }
}

上面的代码有什么问题?

2 个答案:

答案 0 :(得分:0)

问题与为Update Application Microsoft Graph API指定的JSON字符串有关。缺少您要为应用程序更新的属性。我添加了“ passwordCredentials”属性,并将其作为集合提供了JSON。请参阅我的代码开头的jsonContent变量。

/*Only change here from original JSON is to add the passwordCredentials node*/

{
  "passwordCredentials":[
    {
      "customKeyIdentifier": null,
      "endDateTime": "2019-11-19T23:16:24.2602448Z",
      "keyId": "47fde652-8b60-4384-b630-8e5f8f6e24b1",
      "startDateTime": "2018-11-19T23:16:24.2602448Z",
      "secretText": "SomeGeneratedPassword",
      "hint": null
    }
  ]
}

我从您的代码开始,也为我重现了400错误的响应错误。

下面是最终的工作代码,现在我得到204响应状态。我还可以从Azure门户>“应用程序注册”>“我的应用程序”>“设置”>“密钥”中看到添加到“应用程序密钥”集合中的新密钥

string jsonContent = "{\"passwordCredentials\":[{\"customKeyIdentifier\":null,\"endDateTime\":\"2019-11-19T23:16:24.2602448Z\",\"keyId\":\"47fde652-8b60-4384-b630-8e5f8f6e24b1\",\"startDateTime\":\"2018-11-19T23:16:24.2602448Z\",\"secretText\":\"somegeneratedpassword\",\"hint\":null}]}";

using (HttpClient client = new HttpClient())
{
    client.BaseAddress = new Uri("https://graph.microsoft.com");
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authHeaderValue.Result.AccessToken);

    client.DefaultRequestHeaders
                    .Accept
                    .Add(new MediaTypeWithQualityHeaderValue("application/json"));

    var method = new HttpMethod("PATCH");
    var requestUri = $"https://graph.microsoft.com/beta/applications/{applicationId}";

    // I have commented out this method and passed in my JSON instead.   
    //var content = GeneratePasswordCredentials(passwordHint);
    var content = jsonContent;
    var request = new HttpRequestMessage(method, requestUri)
    {
                    Content = new StringContent(
                        content,
                        System.Text.Encoding.UTF8,
                        "application/json")
    };

    request.Headers
                    .Accept
                    .Add(new MediaTypeWithQualityHeaderValue("application/json"));
    var resultApi = client.SendAsync(request).GetAwaiter().GetResult();

    //response = await resultApi.Content.ReadAsStringAsync();
        var response = resultApi.Content.ReadAsStringAsync().GetAwaiter().GetResult();
}

答案 1 :(得分:0)

正文内容格式应为

{
  "passwordCredentials":
    [
      {"customKeyIdentifier":"YWJjZA==",
      "startDateTime":"2018-11-20T02:37:07.3963006Z",
      "endDateTime":"2019-11-20T02:37:07.3963006Z",
      "secretText":"The passwords must be 16-64 characters in length",
      "keyId":"aeda515d-dc58-4ce6-a452-3bc3d84f58a3",
      "hint":"xxx"}
    ]
}

以下演示代码可生成PasswordCredentials正文内容

public static string GeneratePasswordCredentials(string passwordHint)
   {
         var passwordCredential = new JObject
         {
                new JProperty("customKeyIdentifier",Encoding.UTF8.GetBytes(passwordHint)),
                new JProperty("startDateTime",DateTime.UtcNow),
                new JProperty("endDateTime", DateTime.UtcNow.AddYears(1)),
                new JProperty("secretText", "The passwords must be 16-64 characters in length"),
                new JProperty("keyId", Guid.NewGuid().ToString()),
                new JProperty("hint", passwordHint)
         };
         JArray jArray = new JArray
         {
              passwordCredential
         };
         var jsonObject = new JObject
         {
              new JProperty("passwordCredentials",jArray)
         };

         var json = JsonConvert.SerializeObject(jsonObject);
         return json;
     }

注意:请求网址应为$"https://graph.microsoft.com/beta/applications/{ApplicationObjectId}"