使用 Graph API 访问 SharePoint 网站
Accessing SharePoint sites using Graph API
我正在尝试使用后台服务将文件上传到 SharePoint 网站,到目前为止我什至无法成功列出网站。我认为 permissions/access 在我这边有问题,下面是我正在使用的核心代码:
var application = ConfidentialClientApplicationBuilder
.Create("APP_ID")
.WithClientSecret("APP_SECRET")
.WithTenantId("TENANT_GUID")
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(application, "https://*****.sharepoint.com/.default");
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var sites = await graphClient.Sites.Request().GetAsync();
但在这种情况下抛出异常:
Access token validation failure. Invalid audience.
如果我从 ClientCredentialProvider 中删除范围,下一个异常将出现:
Code: AccessDenied Message: Either scp or roles claim need to be present in the token.
应用程序本身具有所有必需的权限:
任何想法我在这里做错了什么
我的测试代码供大家参考:
string clientID = "cde921c5-abcd-abcd-a450-6dabcd46fec5"; // Put the Application ID from above here.
string clientSecret = "N7b1sxnxGCxLLWx9m0~UJUxBx.PNGrqb.K"; // Put the Client Secret from above here.
string graphApiResource = "https://graph.microsoft.com";
Uri microsoftLogin = new Uri("https://login.microsoftonline.com/");
string tenantID = "2e83cc45-652e-418b-a85v-80c281v30c09"; // Put the Azure AD Tenant ID from above here.
// The authority to ask for a token: your azure active directory.
string authority = new Uri(microsoftLogin, tenantID).AbsoluteUri;
AuthenticationContext authenticationContext = new AuthenticationContext(authority);
ClientCredential clientCredential = new ClientCredential(clientID, clientSecret);
// Picks up the bearer token.
AuthenticationResult authenticationResult = authenticationContext.AcquireTokenAsync(graphApiResource, clientCredential).Result;
GraphServiceClient graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(
async (requestMessage) =>
{
// This is adding a bearer token to the httpclient used in the requests.
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);
}));
var sites = graphClient.Sites.Request().GetAsync();
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.WithClientSecret(clientSecret)
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
//To access the root SharePoint site:
var site1 = await graphClient.Sites["root"]
.Request()
.GetAsync();
//To access the Specified SharePoint site:
var site2 = await graphClient.Sites["{site-id}"]
.Request()
.GetAsync();
正如@Shiva- MSFT Identity 所说,请在 MicrosoftGraph 权限下添加应用程序权限 Sites.ReadWrite.All,但不要在 Sharepoint 权限下添加。
我正在尝试使用后台服务将文件上传到 SharePoint 网站,到目前为止我什至无法成功列出网站。我认为 permissions/access 在我这边有问题,下面是我正在使用的核心代码:
var application = ConfidentialClientApplicationBuilder
.Create("APP_ID")
.WithClientSecret("APP_SECRET")
.WithTenantId("TENANT_GUID")
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(application, "https://*****.sharepoint.com/.default");
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var sites = await graphClient.Sites.Request().GetAsync();
但在这种情况下抛出异常:
Access token validation failure. Invalid audience.
如果我从 ClientCredentialProvider 中删除范围,下一个异常将出现:
Code: AccessDenied Message: Either scp or roles claim need to be present in the token.
应用程序本身具有所有必需的权限:
任何想法我在这里做错了什么
我的测试代码供大家参考:
string clientID = "cde921c5-abcd-abcd-a450-6dabcd46fec5"; // Put the Application ID from above here.
string clientSecret = "N7b1sxnxGCxLLWx9m0~UJUxBx.PNGrqb.K"; // Put the Client Secret from above here.
string graphApiResource = "https://graph.microsoft.com";
Uri microsoftLogin = new Uri("https://login.microsoftonline.com/");
string tenantID = "2e83cc45-652e-418b-a85v-80c281v30c09"; // Put the Azure AD Tenant ID from above here.
// The authority to ask for a token: your azure active directory.
string authority = new Uri(microsoftLogin, tenantID).AbsoluteUri;
AuthenticationContext authenticationContext = new AuthenticationContext(authority);
ClientCredential clientCredential = new ClientCredential(clientID, clientSecret);
// Picks up the bearer token.
AuthenticationResult authenticationResult = authenticationContext.AcquireTokenAsync(graphApiResource, clientCredential).Result;
GraphServiceClient graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(
async (requestMessage) =>
{
// This is adding a bearer token to the httpclient used in the requests.
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authenticationResult.AccessToken);
}));
var sites = graphClient.Sites.Request().GetAsync();
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.WithClientSecret(clientSecret)
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
//To access the root SharePoint site:
var site1 = await graphClient.Sites["root"]
.Request()
.GetAsync();
//To access the Specified SharePoint site:
var site2 = await graphClient.Sites["{site-id}"]
.Request()
.GetAsync();
正如@Shiva- MSFT Identity 所说,请在 MicrosoftGraph 权限下添加应用程序权限 Sites.ReadWrite.All,但不要在 Sharepoint 权限下添加。