azure-active-directory

问题 I have a few users added to my Azure AD account, I would like to get the roles and user information on these users by calling an Azure API from Postman in the form of claims. I tried calling the following URL with the parameters as : https://login.microsoftonline.com/myTenantId/oauth2/token Body: grant_type : password, client_id : client id, client secret : client secret I receive the access_token in the encoded format in the response, When I decode it on https://jwt.io/ I see the decoded

问题 So, I am trying to do see if I can support a scenario where a C# daemon app can access a custom Web API protected with MSAL.NET and OAuth2 scopes. As of now, I see no way of doing this. The versions of the libraries and toolsets are: .NET Core 2.2 Microsoft.Identity.Client 4.1.0 The client is var app = ConfidentialClientApplicationBuilder.Create("<app_id_of_my_web_api>") .WithClientSecret("<client_secret>") .WithAuthority("https://login.microsoftonline.com/<tenant_id_that_hosts_the_web_api>")

问题 I'm getting ERROR: Insufficient privileges to complete the operation. when running az ad app permission add What permission do I need to grant my service principal for this to work? I gave it the AppRoleAssignment.ReadWrite.All permission which says: Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, on behalf of the signed-in user. Update: I also gave it Application.ReadWrite.All, but still

问题 Does anyone know how to request permission to send emails using Graph API by an app that runs without a signed-in user? I have an Azure WebApp with permission to send email using Microsoft Graph. In the Azure portal (Azure Active Directory -> App registrations -> MyApp - API permissions), my app has granted permission for Mail.Send ( Type: Application : Description: Send mail as any user ). In the next step, I’m inviting a user from my organization. In Azure Ad the user type is Guest. I

问题 Does anyone know how to request permission to send emails using Graph API by an app that runs without a signed-in user? I have an Azure WebApp with permission to send email using Microsoft Graph. In the Azure portal (Azure Active Directory -> App registrations -> MyApp - API permissions), my app has granted permission for Mail.Send ( Type: Application : Description: Send mail as any user ). In the next step, I’m inviting a user from my organization. In Azure Ad the user type is Guest. I

问题 I want to update the birthday of a user using the patch request. Updating other properties works as expected but the moment the birthday property is included, the following error returned: The request is currently not supported on the targeted entity set I already tried to update the user to be sure the permissions are fine. Application permissions are used. This PATCH request to /V1.0/users/{id} works: { "givenName": "Fridas" } Passing this request body however: { "givenName":"Fridas",

问题 Only authenticated users can access the application as expected. I need to be able to track users via signalr. For example, if I run a ChatHub type of service, I'd like people to be able to chat using their AzureAD username which should be set automatically and not let people set their own usernames. The hub always shows Context.Identity.User.Name is null. services.AddAuthentication(AzureADDefaults.AuthenticationScheme) .AddAzureAD(options => Configuration.Bind("AzureAd", options)); services

问题 I am using the GraphServiceClient with .Net Core 2. I am trying to add AdditionalData to my Users using the following code var updated = new User() { AdditionalData = new Dictionary<string, object> { {"OtherEmail", otherEmail}, {"OtherRole", otherRole} }, }; await _graphClient.Users[user.Id].Request().UpdateAsync(updated); When this executes I get the following error Microsoft.Graph.ServiceException : Code: Request_BadRequest Message: One or more property values specified are invalid. Does

问题 I have an app that is authenticating with Azure Active Directory using OpenIdConnect. Everything is working fine except when I link to my site from a Office Application (excel/ word). From these applications I get a "Exception: Correlation failed.". From my research it seems to be that office is first doing the 302 redirect and then opening that page not the original link. See: https://github.com/aspnet/Security/issues/1252 After a recommendation for how to handle this scenario. I don't want

问题 I want to access a private blob store, from python, by using credentials from an active directory service principal. I am aware of this related question How do I authenticate a user against an Azure storage blob in python? This has helped me get this far but now I'm stuck. I can authenticate and get a token which let me list containers, create new containers, but will not let me list or access any blobs. I wish to set this up via the az cli. Service principal has been set up like so: az ad sp