Microsoft Graph API Beta phone authentication fails when called from a C# Web API method

Time: 2020-10-19 08:52:17

Tags: c# azure microsoft-graph-api beta-versions

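Using the Microsoft Graph API, I can update the phone authentication method section with a mobile number using the Postman tool.

Based on that approach, I created a Web API method that has to update the phone authentication method section with the user's mobile number. But it fails with the error

The user is not authenticated

This is so that MFA can have the user enter the one-time password sent to the given mobile number.

The code I wrote is: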


>     using System;
>     using System.Collections.Generic;
>     using System.Net.Http.Headers;
>     using System.Threading.Tasks;
>     
>     using Microsoft.Extensions.Options;
>     using Microsoft.Graph;
>     using Microsoft.Graph.Auth;
>     using Microsoft.Identity.Client;
>     
>     using UseGraphAPI.Interfaces;
>     using UseGraphAPI.Models;
>     
>     namespace UseGraphAPI.Repository
>     {
>         public class UserManager : IUserManager
>         {
>             private readonly GraphServiceClient graphClient;
>             private readonly B2CUserSettings userSettings;
>             private readonly AuthenticationResult token;
>     
>             public UserManager(IOptions<B2CUserSettings> userSettings)
>             {
>                 // The client_id, client_secret, and tenant are pulled in from the appsettings.json from coach API
>                 this.userSettings = userSettings.Value;
>     
>                 // Initialize the client credential auth provider
>                 IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
>                     .Create(this.userSettings.Clientid)
>                     .WithTenantId(this.userSettings.Tenant)
>                     .WithClientSecret(this.userSettings.Clientsecret)
>                     //.WithRedirectUri("http://localhost:62569")
>                     //.WithAuthority("https://login.microsoftonline.com/29fdf6e9-53c9-4bc7-8927-fa50e62019bc/v2.0")
>                     .Build();
>     
>                 ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
>     
>                 // Set up the Microsoft Graph service client with client credentials
>                 GraphServiceClient graphClient = new GraphServiceClient(authProvider);
>     
>                 //string[] scopes = new string[] {
>                 //    "https://graph.microsoft.com/.default"
>                 //};
>     
>                 //token = confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync().Result;
>                 //GraphServiceClient graphClient = new GraphServiceClient("https://graph.microsoft.com/beta", 
>                 //    new DelegateAuthenticationProvider(async(requestMessage) => 
>                 //    {
>                 //    requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", token.AccessToken);
>                 //    }));
>     
>                 this.graphClient = graphClient;
>             }
>     
>             public async Task UpdateUserPhoneMethod(B2CUserPhoneAuth b2CUserPhoneAuth)
>             {
>                 var user = await GetUserByEmail(b2CUserPhoneAuth.Email);
>                 var userId = user.CurrentPage[0].Id;
>     
>                 try
>                 {
>                     PhoneAuthenticationMethod phoneAuthenticationMethod = new PhoneAuthenticationMethod()
>                     {
>                         PhoneNumber = b2CUserPhoneAuth.PhoneNumber,
>                         PhoneType = AuthenticationPhoneType.Mobile
>                     };
>     
>                     await graphClient.Users[userId].Authentication.PhoneMethods
>                         .Request()
>                         .AddAsync(phoneAuthenticationMethod);
>                 }
>                 catch (Exception)
>                 {
>                     // Rethrow without resetting the original stack trace
>                     throw;
>                 }
>             }
>         }
>     }

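The permissions granted to the application registered in Azure are:

- Directory.AccessAsUser.All (Delegated)
- Directory.ReadWrite.All (Delegated and Application)
- Policy.Read.All (Delegated)
- Policy.ReadWrite.AuthenticationMethod (Delegated)
- User.ReadWrite.All (Delegated and Application)
- UserAuthenticationMethod.ReadWrite.All (Delegated and Application)

Please take a look and let me know if something is missing in the code or the permissions.

The requirement is to create a user and add a mobile phone with the SMS sign-in flag set to true.

Thanks

Arjuna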

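1 answer:

Answer 0: (score: 0)

As I said in the comments, the code `ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);` is based on the client credentials flow, which uses application permissions. But the API only supports delegated permissions.

You can use another approach instead (for example, AuthorizationCodeProvider).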

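>     // clientId, redirectUri, clientSecret and scopes come from your app registration / configuration
>     IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
>         .Create(clientId)
>         .WithRedirectUri(redirectUri)
>         .WithClientSecret(clientSecret) // or .WithCertificate(certificate)
>         .Build();
>     
>     // Authorization code flow: the token is issued on behalf of a signed-in user (delegated permissions)
>     AuthorizationCodeProvider authenticationProvider = new AuthorizationCodeProvider(confidentialClientApplication, scopes);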
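
To confirm which kind of token the Web API is actually sending, the check below (an added example, not code from the question or the answer) decodes a token's payload and tests for the delegated `scp` claim; tokens from the client credentials flow carry `roles` instead. The class and method names, the constructed sample tokens, and the choice of `UserAuthenticationMethod.ReadWrite.All` as the required scope are assumptions.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class GraphTokenCheck
{
    // Decode the payload segment of a JWT. Debugging aid only: the signature is not validated.
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone();
    }

    // Delegated tokens list granted scopes in "scp" (space separated);
    // client-credentials (app-only) tokens carry "roles" and have no "scp".
    public static bool HasDelegatedScope(string jwt, string requiredScope)
    {
        JsonElement payload = DecodePayload(jwt);
        if (!payload.TryGetProperty("scp", out JsonElement scp) || scp.ValueKind != JsonValueKind.String)
            return false;
        return Array.Exists(scp.GetString().Split(' '), s => s == requiredScope);
    }

    // Constructed sample data: builds an unsigned token, not a real one.
    private static string FakeToken(string payloadJson)
    {
        static string Enc(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return Enc("{\"alg\":\"none\"}") + "." + Enc(payloadJson) + ".sig";
    }

    public static void Main()
    {
        const string needed = "UserAuthenticationMethod.ReadWrite.All"; // assumed required scope
        string appOnly = FakeToken("{\"roles\":[\"UserAuthenticationMethod.ReadWrite.All\"]}");
        string delegated = FakeToken("{\"scp\":\"User.ReadWrite.All UserAuthenticationMethod.ReadWrite.All\"}");

        Console.WriteLine($"app-only token has delegated scope:  {HasDelegatedScope(appOnly, needed)}");
        Console.WriteLine($"delegated token has delegated scope: {HasDelegatedScope(delegated, needed)}");
    }
}
```

Run against a token captured from the failing request, `HasDelegatedScope` returning false while the payload contains `roles` shows that the call is being made app-only.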