用于 Power BI 管理的 Azure AD 代表流程

Question

我成功设置了 "Azure AD On-Behalf-Of flow"，我的网络 api 安全操作调用和 ms 图形 api 调用也正常工作。不，我添加了更多与 power bi 相关的赠款。我想从网上 read/write workspaces/reports 等 api 我试过了：

string[] scopes = { "Capacity.Read.All", "Capacity.ReadWrite.All",
    "Content.Create", " Dashboard.Read.All", " Dashboard.ReadWrite.All",
    "Data.Alter_Any", "Dataset.Read.All", "Dataset.ReadWrite.All", "Group.Read", "Group.Read.All",
    "Metadata.View_Any", "Report.Read.All", "Report.ReadWrite.All", "Tenant.Read.All",
    "Workspace.Read.All", "Workspace.ReadWrite.All"};
string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes); // error
var tokenCredentials = new TokenCredentials(accessToken, "Bearer");
using (var client = new PowerBIClient(new Uri(_powerBiConfig.ApiUrl), tokenCredentials))
{
...
}

但是 GetAccessTokenOnBehalfOfUser returns

AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid.

Answer 1

我自己搞定了。

下面的代码演示了如何检索所有 power bi 工作区

public async Task<string> Groups()
{
    string[] scopes = { "https://analysis.windows.net/powerbi/api/Dataset.Read.All"};
    try
    {
        string accessToken = await _tokenAcquisition.GetAccessTokenOnBehalfOfUser(HttpContext, scopes);
        var tokenCredentials = new TokenCredentials(accessToken, "Bearer");
        using (var client = new PowerBIClient(new Uri(_powerBiConfig.ApiUrl), tokenCredentials))
        {
            return JsonConvert.SerializeObject(client.Groups.GetGroups().Value, Formatting.Indented);
        }
    }
    catch (Exception exc)
    {
        return string.Empty;
    }
}

用于 Power BI 管理的 Azure AD 代表流程

Azure AD On-Behalf-Of flow for power bi management

c#

azure

azure-active-directory

powerbi

msal