我正在尝试使用MS Graph API永久删除组。根据文档,使用应用程序权限Group.ReadWrite.All在C#中实现该方法。 https://docs.microsoft.com/en-us/graph/api/directory-deleteditems-delete?view=graph-rest-1.0&tabs=http。 管理员同意。方法如下:
[HttpDelete("permadelete/{azureId}")]
public async Task<IActionResult> PermadeleteGroupOrTeam(string azureId)
{
HttpContext.VerifyUserHasAnyAcceptedScope(adminScope);
var tenantId = Request.HttpContext.User.GetTenantId();
var dbClient = TCDBService.GetTenantDB(_dbSettings, tenantId);
var _graphClient = GraphServiceClientFactory.GetGraphServiceClient(tenantId, new[] {"https://graph.microsoft.com/.default" }, _webOptions);
try
{
await _graphClient.Directory.DeletedItems[azureId].Request().DeleteAsync();
dbClient.DeleteGroupOrTeam(azureId);
return Ok();
}
catch (Exception e)
{
return BadRequest(e.Message);
}
}
尝试运行该方法时,出现以下错误:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation",
"innerError": {
"date": "2020-10-29T12:51:38",
"request-id": "28fed12e-9338-4dee-b346-54ac66100b7f",
"client-request-id": "28fed12e-9338-4dee-b346-54ac66100b7f"
}
}
}
使用的图形调用是
DELETE https://graph.microsoft.com/v1.0/directory/deleteditems/id
例如,当我尝试使用Graph Explorer或在前端使用JavaScript和委派权限执行此操作时,它应能正常工作。但这不是我想要的,因为在这种情况下,无需管理员同意,并且没有全局管理员角色的用户无法执行此操作
有什么主意,或者有人遇到过同样的问题吗?