收到 401 未经授权的错误 - MS Graph/PowerShell
Getting 401 Unauthorized Error - MS Graph/PowerShell
试图掌握 PowerShell 中 MS Graph 的窍门。已经在Azure中设置了应用注册,可以连接到Graph就好了。
但是,一旦我尝试查询图形 API,我就会收到 401 未经授权的错误。对于下面的示例,我已将所有可能的 Device/Devicemanagement 权限添加到 Azure 应用程序 API 权限。请参阅下面的代码:
[CmdletBinding()]
param (
[Parameter()]
[String]$Device
)
#Check if the module is installed
$GraphInstalled = Get-Module -ListAvailable -Name "Microsoft.Graph"
If (!$GraphInstalled) {
Write-Host "Microsoft Graph module not found." -f Yellow
Write-Host "Installing Microsoft Graph module. . ." -f Yellow
Install-Module -Name "Microsoft.Graph" -Repository "PSGallery" -Force -AllowClobber
}
Write-Host "Connecting to MS Graph. . ." -f Yellow
$AppID = 'x'
$TenantID = 'x'
$Certificate = 'x'
Connect-MgGraph -ClientID $AppID -TenantID $TenantID -CertificateThumbprint $Certificate
function Get-AzureADDevice {
[CmdletBinding()]
param(
[Parameter()]
[String]$Name
)
$GraphVersion = "v1.0"
$Header = @{
Authorization = "$($Request.token_type) $($Request.access_token)"
}
try {
$Resource = "Devices/?`$filter=devicename eq '$Device'"
$Uri = "https://graph.microsoft.com/$GraphVersion/$($Resource)"
(Invoke-RestMethod -Uri $Uri -Headers $Header -Method Get).Value
}
catch{
Write-Host "An error occurred:"
Write-Host "$_"
}
}
Get-AzureADDevice -Name $Device
我们已经在我们的环境中进行了测试并得到了同样的 401-unauthorised 问题,我们发现我们不需要为它添加任何外部函数,相反我们可以使用 Get-MgDevice
下面我们使用的脚本:
[CmdletBinding()]
param (
[Parameter()]
[String]$Device
)
#Check if the module is installed
$GraphInstalled = Get-Module -ListAvailable -Name "Microsoft.Graph"
If (!$GraphInstalled) {
Write-Host "Microsoft Graph module not found." -f Yellow
Write-Host "Installing Microsoft Graph module. . ." -f Yellow
Install-Module -Name "Microsoft.Graph" -Repository "PSGallery" -Force -AllowClobber
}
Write-Host "Connecting to MS Graph. . ." -f Yellow
$AppID = 'xxxxxxxxxxx'
$TenantID = 'xxxxxxxxx'
$Certificate = 'xxxxxxxxx'
Connect-MgGraph -ClientID $AppID -TenantID $TenantID -CertificateThumbprint $Certificate
Get-MgDevice -Filter "displayName eq '$Device'"
输出细节供参考:
试图掌握 PowerShell 中 MS Graph 的窍门。已经在Azure中设置了应用注册,可以连接到Graph就好了。
但是,一旦我尝试查询图形 API,我就会收到 401 未经授权的错误。对于下面的示例,我已将所有可能的 Device/Devicemanagement 权限添加到 Azure 应用程序 API 权限。请参阅下面的代码:
[CmdletBinding()]
param (
[Parameter()]
[String]$Device
)
#Check if the module is installed
$GraphInstalled = Get-Module -ListAvailable -Name "Microsoft.Graph"
If (!$GraphInstalled) {
Write-Host "Microsoft Graph module not found." -f Yellow
Write-Host "Installing Microsoft Graph module. . ." -f Yellow
Install-Module -Name "Microsoft.Graph" -Repository "PSGallery" -Force -AllowClobber
}
Write-Host "Connecting to MS Graph. . ." -f Yellow
$AppID = 'x'
$TenantID = 'x'
$Certificate = 'x'
Connect-MgGraph -ClientID $AppID -TenantID $TenantID -CertificateThumbprint $Certificate
function Get-AzureADDevice {
[CmdletBinding()]
param(
[Parameter()]
[String]$Name
)
$GraphVersion = "v1.0"
$Header = @{
Authorization = "$($Request.token_type) $($Request.access_token)"
}
try {
$Resource = "Devices/?`$filter=devicename eq '$Device'"
$Uri = "https://graph.microsoft.com/$GraphVersion/$($Resource)"
(Invoke-RestMethod -Uri $Uri -Headers $Header -Method Get).Value
}
catch{
Write-Host "An error occurred:"
Write-Host "$_"
}
}
Get-AzureADDevice -Name $Device
我们已经在我们的环境中进行了测试并得到了同样的 401-unauthorised 问题,我们发现我们不需要为它添加任何外部函数,相反我们可以使用 Get-MgDevice
下面我们使用的脚本:
[CmdletBinding()]
param (
[Parameter()]
[String]$Device
)
#Check if the module is installed
$GraphInstalled = Get-Module -ListAvailable -Name "Microsoft.Graph"
If (!$GraphInstalled) {
Write-Host "Microsoft Graph module not found." -f Yellow
Write-Host "Installing Microsoft Graph module. . ." -f Yellow
Install-Module -Name "Microsoft.Graph" -Repository "PSGallery" -Force -AllowClobber
}
Write-Host "Connecting to MS Graph. . ." -f Yellow
$AppID = 'xxxxxxxxxxx'
$TenantID = 'xxxxxxxxx'
$Certificate = 'xxxxxxxxx'
Connect-MgGraph -ClientID $AppID -TenantID $TenantID -CertificateThumbprint $Certificate
Get-MgDevice -Filter "displayName eq '$Device'"
输出细节供参考: