azure-ad-graph-api

Change Password for Azure AD using Microsoft Graph

六眼飞鱼酱① submitted on 2019-12-20 03:16:13
Question: I was planning to use Azure AD Graph API but then noticed on the Microsoft docs about suggestions to use Microsoft Graph API. Is there documentation provided for changing a user's password? string result = Task.Run(async() => { return await GetAccessToken(); }).GetAwaiter().GetResult(); var graphserviceClient = new GraphServiceClient( new DelegateAuthenticationProvider( (requestMessage) => { requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", result); return Task

Resetting a user's password

感情迁移 submitted on 2019-12-20 03:12:47
Question: I am trying to find a solution for resetting users' passwords (all users, not just the authenticated user) in Azure Active Directory via a non-interactive login. Right now it seems this is only available via PowerShell's MSOnline Set-AzureADUserPassword cmdlet using a Service Principal login. I'd like to find a solution using an API Endpoint so I can use C#. The closest solution I've found was Microsoft Graph API but after setting it up, I realized I can only reset the passwords via an

Resetting a user's password

拟墨画扇 submitted on 2019-12-20 03:12:11
Question: I am trying to find a solution for resetting users' passwords (all users, not just the authenticated user) in Azure Active Directory via a non-interactive login. Right now it seems this is only available via PowerShell's MSOnline Set-AzureADUserPassword cmdlet using a Service Principal login. I'd like to find a solution using an API Endpoint so I can use C#. The closest solution I've found was Microsoft Graph API but after setting it up, I realized I can only reset the passwords via an

Azure B2C - Add/Update Authentication Contact Info

旧城冷巷雨未停 submitted on 2019-12-20 02:58:08
Question: We are using Azure B2C with a Reset password policy using MFA. ADAL is used for authentication and Graph API to create / update a user. When a user invokes the Reset password policy (through a link on the app), he first needs to provide an email address where a verification code is sent. Then (because MFA is enabled), if the user has a phone number in his Authentication Contact Info, Azure can send a text message or call this number to perform a second authentication check. However, if the

Microsoft Graph API: 403 Forbidden error when trying to retrieve policies on tenant

大憨熊 submitted on 2019-12-19 19:46:47
Question: I'm trying to retrieve the policies created for my tenant on the Azure AD portal using the Microsoft Graph API. As I understand from the Graph API documentation, all the policy CRUD operations require a scope of Directory.AccessAsUser.All. This scope translates to the permission Access directory as the signed-in user as mentioned here - https://developer.microsoft.com/en-us/graph/docs/authorization/permission_scopes I have been trying to configure my application on both the new Azure

Microsoft Graph API: 403 Forbidden error when trying to retrieve policies on tenant

落花浮王杯 submitted on 2019-12-19 19:44:41
Question: I'm trying to retrieve the policies created for my tenant on the Azure AD portal using the Microsoft Graph API. As I understand from the Graph API documentation, all the policy CRUD operations require a scope of Directory.AccessAsUser.All. This scope translates to the permission Access directory as the signed-in user as mentioned here - https://developer.microsoft.com/en-us/graph/docs/authorization/permission_scopes I have been trying to configure my application on both the new Azure

Get refresh token with Azure AD V2.0 (MSAL) and Asp .Net Core 2.0

谁说我不能喝 submitted on 2019-12-19 07:09:19
Question: I've got access_token from Azure AD V2.0 endpoint to call Graph API. But I have to do some actions in the API on behalf of user. So I need refresh_token to renew my access_token when it'll expire. Is there any way to get Refresh token using MSAL in ASP .Net Core? In Microsoft documentation they're telling it's possible to do by requesting /token endpoint. But I couldn't find how to do it using MSAL. Answer 1: MSAL .NET does not expose the refresh token, but rather keeps it internal and handles all

NameIdentifier vs ObjectIdentifier

ぐ巨炮叔叔 submitted on 2019-12-19 05:08:25
Question: I have a multitenant ASP.NET application using OpenIdConnect and Azure AD as an Identity provider for Office 365. When the user is authenticated I receive my claims in ClaimsPrincipal.Current. I wanted to identify a user and store this id reference in my database. I asked this question. It was replied that When trying to identify a user uniquely [NameIdentifier] should be your go-to choice. But it seems that the NameIdentifier claim, http://schemas.xmlsoap.org/ws/2005/05/identity/claims

Graph API - Insufficient privileges to complete the operation

一个人想着一个人 submitted on 2019-12-18 12:12:01
Question: When trying to access the Graph Service Client using I am receiving the error: Code: Authorization_RequestDenied Message: Insufficient privileges to complete the operation. After researching this error the most common solution was to set the permissions for the API. This had already been done and has permissions to read basic/full profiles. I've deleted and re-added the APIs. Below is the code in my AzureAuthenticationProvider class which inherits from IAuthenticationProvider : public class

Limit access to groups or individual mailboxes using a service application in Azure Ad

試著忘記壹切 submitted on 2019-12-18 05:17:21
Question: I have an Azure integrated service application (daemon app) with permissions to the Microsoft Graph API, I can now read all the mailboxes for the entire company, which is awesome but might raise some concerns with the business management. We use Outlook in Office 365. Is there a way to specify mailboxes that the app can have access to instead of having access to all mailboxes/users. Answer 1: The daemon app uses the client credential to acquire the access token. The client credential flow is