我正在努力理解如何使用SharePoint CSOM添加一个用户作为站点集合管理员。
到目前为止,这段代码可以让全局管理员将用户添加为站点集合管理员,即使全局管理员不包含为站点管理员。
我已经尝试运行代码作为正常用户,这只是站点集合管理员,添加另一个用户作为站点集合管理员。但是我得到了一些错误:
-
如果我使用SharePoint Admin URL来获取访问令牌,那么代码在第48行崩溃为401 "未经授权">
-
如果我使用站点集合URL来获取访问令牌,当我试图获得访问令牌时,我得到错误,说站点在环境中不存在。
-
如果我使用根站点URL ("https://domain-admin.sharepoint.com/)来获取访问令牌,那么代码在第51行崩溃为401 "未经授权"
我正在使用PnP。PowerShell代码参考:https://github.com/pnp/powershell/blob/dev/src/Commands/Admin/SetTenantSite.cs#L547-L574
我的过程和这里差不多:MSAL AD令牌对SharePoint Online CSOM无效
但我不清楚这是否是访问令牌或我使用的CSOM命令的问题。
有谁知道该怎么继续吗?
顺便说一句,我想如果我使用全局管理帐户,我只需要使用租户。SetSiteAdmin(siteCollection, userEmail, true);。我在某个地方读到,即使是全局管理我需要EnsureUser(userEmail);,但到目前为止,代码似乎没有它的工作。using Microsoft.Identity.Client;
using Microsoft.SharePoint.Client;
namespace ScriptTester
{
internal class Program
{
static async Task Main(string[] args)
{
await AddUserAdmin();
}
public static async Task AddUserAdmin()
{
string siteAdmin = "https://domain-admin.sharepoint.com/";
string siteRoot = "https://domain.sharepoint.com/";
string siteCollection = "https://domain.sharepoint.com/sites/SiteName/";
string userEmail = "_email";
string accessToken = await GetAccessToken(siteRoot);
using (var context = new Microsoft.SharePoint.Client.ClientContext(siteRoot))
{
context.ExecutingWebRequest += (sender, e) =>
{
e.WebRequestExecutor.RequestHeaders["Authorization"] = "Bearer " + accessToken;
};
var tenant = new Microsoft.Online.SharePoint.TenantAdministration.Tenant(context);
try
{
addLog("Try using tenant context");
tenant.SetSiteAdmin(siteCollection, userEmail, true);
tenant.Context.ExecuteQueryRetry();
}
catch (Exception ex)
{
addLog("Failed using Tenant context");
addLog(ex.Message);
using (var site = tenant.Context.Clone(siteCollection))
{
var user = site.Web.EnsureUser(userEmail);
user.Update();
user.IsSiteAdmin= true;
site.Load(user);
site.ExecuteQueryRetry();
tenant.SetSiteAdmin(siteCollection, userEmail, true);
tenant.Context.ExecuteQueryRetry();
}
}
}
}
public static async Task<string> GetAccessToken(string siteUrl)
{
string tenantId = "xxxx-xxxx-xxxx-xxxx-xxx";
string clientId = "xxxx-xxxx-xxxx-xxxx-xxx";
Uri authority = new Uri($"https://login.microsoftonline.com/{tenantId}");
string redirectUri = "http://localhost";
string defaultPermissions = siteUrl + "/.default";
string[] scopes = new string[] { defaultPermissions };
var app = PublicClientApplicationBuilder.Create(clientId)
.WithAuthority(authority)
.WithRedirectUri(redirectUri)
.Build();
AuthenticationResult result;
result = await app.AcquireTokenInteractive(scopes)
.WithUseEmbeddedWebView(false)
.ExecuteAsync();
return result.AccessToken;
}
}
}
我建议您使用PnP Core组件访问站点集并添加admin。请参考以下代码
string siteUrl = "https://xxx.sharepoint.com/";
string userName = "xxxx@xxx.onmicrosoft.com";
string password = "*******";
AuthenticationManager authManager = new AuthenticationManager();
try
{
using (var clientContext = authManager.GetSharePointOnlineAuthenticatedContextTenant(siteUrl, userName, password))
{
List<UserEntity> admins = new List<UserEntity>();
UserEntity admin = new UserEntity();
admin.LoginName = "nirmal";
admins.Add(admin);
clientContext.Site.RootWeb.AddAdministrators(admins, true);
Console.WriteLine("User added as Site Collection Admin");
Console.ReadKey();
}
}
catch (Exception ex)
{
Console.WriteLine("Error Message: " + ex.Message);
Console.ReadKey();
}