我正在使用来自 Azure AD 的应用程序标识并授予读写权限,我还运行了 Grant-CsApplicationAccessPolicy 以便应用程序标识有权代表来自 Azure AD 的真实用户标识创建在线会议
我知道我的设置适用于从图形 API 获取用户。但是,运行以下命令后出现错误:
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority($"https://login.microsoftonline.com/{tenantId}/v2.0")
.WithClientSecret(clientSecret)
.Build();
GraphServiceClient graphServiceClient =
new GraphServiceClient("https://graph.microsoft.com/beta", new DelegateAuthenticationProvider(async (requestMessage) =>
{
var authResult = await confidentialClient
.AcquireTokenForClient(scopes)
.ExecuteAsync();
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
})
);
var onlineMeeting = new OnlineMeeting
{
StartDateTime = DateTimeOffset.Parse("2020-12-25T21:30:34.2444915+00:00"),
EndDateTime = DateTimeOffset.Parse("2020-12-25T22:00:34.2464912+00:00"),
Subject = "User Token Meeting 1"
};
var meetingInstance = await graphServiceClient.Me.OnlineMeetings
.Request()
.AddAsync(onlineMeeting);
错误信息如下,为什么会说用户在AAD中通过用户ID查找失败?
状态:未找到 (404) 操作 ID:8d06ff01-1dc3-49d1-9ced-9db6a919b162
ClientCorrelationId:53b4478e-ba86-48ca-bb5b-25e5ef50c187
服务器错误:在 AAD 中按用户 ID 查找用户失败。
客户端异常:处理 HTTP 请求导致异常。有关详细信息,请参阅此异常的 'Response' 属性返回的 HTTP 响应。
内部错误:
附加数据:
日期:2020-12-16T21:08:31
请求 ID:d60858cf-5ef5-4a0d-8d67-181f80ed6c35
客户端请求ID:d60858cf-5ef5-4a0d-8d67-181f80ed6c35
ClientRequestId:d60858cf-5ef5-4a0d-8d67-181f80ed6c35
在 Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancelationToken) 在 Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancelationToken, HttpCompletionOption completionOption) 在 Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken CancellationToken, HttpCompletionOption completionOption) 在 MSTeam.Program.Main(String[] args) 中 D:\VSTS\msteam\MSTeam\MSTeam\Program.cs:line 62
答案 0 :(得分:2)
开发是正确的。
基于此document:
<块引用>使用应用程序令牌时的请求:POST /users/{userId}/onlineMeetings。
所以你应该在这里使用 graphServiceClient.Users["{userId}"].OnlineMeetings 而不是 graphServiceClient.Me.OnlineMeetings。
userId 是用户的对象 ID。当您Configure application access policy时,您需要将策略授予用户:
Grant-CsApplicationAccessPolicy -PolicyName Test-policy -Identity "ddb80e06-92f3-4978-bc22-a0eee85e6a9e"
ddb80e06-92f3-4978-bc22-a0eee85e6a9e 正是 userId。
我的代码供您参考:
// Configure the MSAL client as a confidential client
var confidentialClient = ConfidentialClientApplicationBuilder
.Create("{client_id}")
.WithTenantId("{tenant_id}")
.WithClientSecret("{client_secret}")
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClient);
GraphServiceClient graphServiceClient = new GraphServiceClient(authProvider);
var onlineMeeting = new OnlineMeeting
{
StartDateTime = DateTimeOffset.Parse("2021-01-12T21:30:34.2444915+00:00"),
EndDateTime = DateTimeOffset.Parse("2021-01-12T22:00:34.2464912+00:00"),
Subject = "User Token Meeting123"
};
var meeting = await graphServiceClient.Users["{userId}"].OnlineMeetings
.Request()
.AddAsync(onlineMeeting);