我试图读取所有用户从我的Azure AD与图形与以下方法:
public void GetUsers() {
var confidentialClient = ConfidentialClientApplicationBuilder
.Create("my application id")
.WithTenantId("my tenant id")
.WithClientSecret("my application secret")
.Build();
var graphClient = new GraphServiceClient("https://graph.microsoft.com/beta", new ClientCredentialProvider(confidentialClient));
var request = graphClient.Users.Request().Filter("accountEnabled eq true");
var users = await request.GetAsync(); // throws exception!
}
当我执行request.GetAsync()时,收到以下异常:
{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the operation.",
"innerError": {
"date": "2021-08-26T14:25:27",
"request-id": "d2772ea1-a994-4f14-bfad-0baffc6d24d3",
"client-request-id": "my application id"
}
}
}
在Azure AD上,我创建了一个应用程序,并添加了"API权限"。Read.User.All和Read.User的权限
我是否需要另一个特定的权限?是编码错误?
请确保权限类型为"应用程序";而不是&;delegated&;状态显示"授予">
如果您看到status为&;Not granting &;,点击"授予管理员同意">