发表新帖
发表新帖

Graph API - Insufficient privileges to complete the operation

前端 未结
关注
9 1383
长情又很酷
长情又很酷 2020-12-09 01:37

When trying to access the Graph Service Client using I am receiving the error :

Code: Authorization_RequestDenied
Message: Insufficient privile

相关标签:
9条回答
  • 攒了一身酷
    2020-12-09 01:57

    It seems like your application is not having enough rights to access AD information. You can follow the steps mentioned in below link/article to login to Azure portal and see if your application has got enough privileges to access AD.

    http://www.morgantechspace.com/2016/01/graph-api-insufficient-privileges-to-complete-the-operation.html

    https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet

    Also I hope, the "authResult.AccessToken" is not null in your case. One thing, the second link above is having very detailed explanation on application access rights to AD. could be of help to you.

    0 讨论(0)
  • 孤独总比滥情好
    2020-12-09 02:02

    I'ts necesary to Grant permissions, App registrations-->YourApp-->API Permissions-->+Add a permission-->Microsoft Graph-->Aplication permissions--> Directory.Read.All and Directory.ReadWrite.All (as you need). Finally Grant admin consent for your tenant

    Directory.Read.. permission

    Grant Admin consent

    But in adition I ned to set the assignments in the "Roles and administrators" --> Search "User administrator" --> Add assignments, then, in the search box, put the registrered App name in the search box (WebApp is my case). Finally click Add. It's gives to the app an ServicePrincipal assignment.

    Admin assigment

    0 讨论(0)
  • 余生分开走
    2020-12-09 02:03

    For me the key to solve this problem was hint:

    To use the Graph API with your B2C tenant, you will need to register a dedicated application by using the generic App Registrations menu (All Services and there it is by default not Favourite starred) in the Azure Portal, NOT Azure AD B2C's Applications menu. You can't reuse the already-existing B2C applications that you registered in the Azure AD B2C's Applications menu.

    Find more on page AD B2C API access demo

    0 讨论(0)
  • 不思量自难忘°
    2020-12-09 02:03

    In my case, delete user was not working. I took below steps & it started working for me.

    Go to Azure Active Directory > Roles and administrators > Click on 'User administrator' > click on '+ Add assignment' to add your app. (i.e. console app using AAD Graph REST API to interact with Azure Active Directory).

    Hope it helps someone.

    0 讨论(0)
  • 天涯浪人
    2020-12-09 02:13

    In some cases the actual issue happens because we use "Application permissions" instead of "Delegated permissions". In my application, I have tried to list all the users with application permissions and it wasn't working. When I switched to a delegated permissions, it worked.

    So, some quick check would be like this:

    1. Check if you are using Microsoft Graph API or something else
    2. Use Delegated permissions
    3. Click Grant permissions button to propagate permissions :)

    Hopefully, this would help someone.

    0 讨论(0)
  • 醉酒成梦
    2020-12-09 02:13

    Suppose you want to create group in azure active directory i have to performer the following steps to solve this problem

    1. AD > App Registered > your app
    2. Select Required Permission
    3. Click Add and select Microsoft Graph and add it
    4. select Microsoft Graph
    5. select Read and write all groups from delegated permission list
    6. And save it
    7. Select Windows Azure Active Directory and grant all application permission
    8. Save it
    0 讨论(0)
 看不清?
提交回复
热议问题