ADAL insufficient privileges to complete the operation
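I am trying to get a simple ADAL sample working that retrieves the groups a user belongs to in AAD. I have added all the permissions for AAD and Office Graph:
Permissions
I keep getting the following error:
"Insufficient privileges to complete the operation."
I can see in other threads that people have the same error, but that was because they had not set the Graph permissions.
Code: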
// Acquires an app-only token (client credentials flow) for Azure AD Graph
// and caches it in TokenForApplication.
public static async Task<string> AcquireTokenAsync()
{
    if (TokenForApplication == null)
    {
        Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext authenticationContext =
            new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(
                "https://login.microsoftonline.com/thomaseg.onmicrosoft.com", false);
        ClientCredential clientCred = new ClientCredential(Constants.ClientId,
            Constants.AppKey);
        AuthenticationResult authenticationResult =
            await authenticationContext.AcquireTokenAsync("https://graph.windows.net",
                clientCred);
        TokenForApplication = authenticationResult.AccessToken;
    }
    return TokenForApplication;
}

/// <summary>
/// Get Active Directory Client for Application.
/// </summary>
/// <returns>ActiveDirectoryClient for Application.</returns>
public static ActiveDirectoryClient GetActiveDirectoryClient()
{
    Uri baseServiceUri = new Uri("https://graph.windows.net/thomaseg.onmicrosoft.com");
    ActiveDirectoryClient activeDirectoryClient =
        new ActiveDirectoryClient(baseServiceUri,
            async () => await AcquireTokenAsync());
    return activeDirectoryClient;
}
You need to add this parameter when requesting the user sign-in: prompt=admin_consent
Here is an example in Startup.Auth.cs:
RedirectToIdentityProvider = context =>
{
    context.ProtocolMessage.Prompt = "admin_consent";
    return Task.FromResult(0);
},
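A diagnostic for the error discussed above, as an added example that is not part of the original question or answer: decode the access token and list the permissions it actually carries, since a permission selected in the portal only reaches the token after consent. It assumes .NET with System.Text.Json and that the call needs the Directory.Read.All application permission; TokenClaims, GrantedPermissions and the sample tokens are hypothetical and constructed.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class TokenClaims // hypothetical helper, not part of ADAL
{
    // JWT segments are base64url: '-' and '_' alphabet, '=' padding dropped.
    static string DecodeSegment(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string EncodeSegment(string json) => Convert.ToBase64String(
        Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // "roles" holds application permissions (app-only token), "scp" delegated ones.
    // Diagnostic only: the signature is not validated, never use this to authorize.
    public static string[] GrantedPermissions(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        using JsonDocument doc = JsonDocument.Parse(DecodeSegment(parts[1]));
        JsonElement root = doc.RootElement;
        var roles = root.TryGetProperty("roles", out JsonElement r) && r.ValueKind == JsonValueKind.Array
            ? r.EnumerateArray().Select(e => e.GetString()).ToArray()
            : Array.Empty<string>();
        var scopes = root.TryGetProperty("scp", out JsonElement s) && s.ValueKind == JsonValueKind.String
            ? s.GetString().Split(' ', StringSplitOptions.RemoveEmptyEntries)
            : Array.Empty<string>();
        return roles.Concat(scopes).ToArray();
    }

    public static void Main()
    {
        // Constructed sample tokens with a fake signature, not real tenant output.
        string header = EncodeSegment("{\"alg\":\"RS256\",\"typ\":\"JWT\"}");
        string noConsent = header + "." + EncodeSegment("{\"aud\":\"https://graph.windows.net\"}") + ".sig";
        string consented = header + "." + EncodeSegment(
            "{\"aud\":\"https://graph.windows.net\",\"roles\":[\"Directory.Read.All\"]}") + ".sig";
        foreach (string jwt in new[] { noConsent, consented })
            Console.WriteLine(GrantedPermissions(jwt).Contains("Directory.Read.All")
                ? "token carries Directory.Read.All"
                : "token lacks Directory.Read.All: Graph will deny the call");
    }
}
```

In the asker's code, the string to inspect is the value returned by AcquireTokenAsync(); treat it as a secret and keep it out of logs.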