azure-ad-graph-api

Restrict Office365 App “Read mail in All mailboxes” permission to specific mailbox

泪湿孤枕 submitted on 2019-12-10 18:58:00
Question: I'm trying to download emails through Office365 app in MVC web app. And I'm struggling with configuring app permissions on Azure Active directory. Permission says: "Read mail in All mailboxes" however I want to choose which mailboxes it can access/read. Does anyone know how to be more specific in setting up permissions in AAD? Thanks for any help. string authority = "https://login.microsoftonline.com/" + SettingsHelper.TenantId + "/oauth2/token"; var credential = new ClientCredential

Access Azure AD Graph API in ASP.NET MVC Organizational account

自作多情 submitted on 2019-12-10 17:30:23
Question: I am trying to restrict page access based on logged in user's AD Groups. I have issues with following codes. var tenantId = incomingPrincipal.FindFirst(GraphConfiguration.TenantIdClaimType).Value; //create Azure Graph Api client to make api calls var client = Helpers.AzureGraphAPIFunctions.GetActiveDirectoryClient(tenantId); IGroup group = client.Groups.Where(x => x.DisplayName == groupName).ExecuteSingleAsync().Result; These codes work fine and get me the AD Group by groupName but sometimes

Azure AD PostAuthentication add claims

强颜欢笑 submitted on 2019-12-10 14:25:26
Question: I am using Azure AD to authenticate the users. I want to add few user claims specific to my application. Should I do it in Application_PostAuthenticateRequest in global.asax? Is there a way I can cache my claims too? Answer 1: If you are using the ASP.NET OWIN middleware, there are specific notifications you can use for that purpose. Claims added in that way will end up in your session cookie, so that you won't have to repeat the claims augmentation logic in subsequent calls. See http://www

How to use appRoleAssignment in Graph Api

﹥>﹥吖頭↗ submitted on 2019-12-10 13:58:57
Question: I'm trying to leverage the beta api for assigning azure users to applications. I looked at the documentation and tried a variety of attempts in a C# console app using HttpClient and WebClient and couldn't succeed. I then went to the Microsoft graph explorer https://developer.microsoft.com/en-us/graph/graph-explorer. I couldn't get it to work. I looked at the documentation https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/approleassignment_get The document's actual

Graph API to access oneDrive for business items/files

陌路散爱 submitted on 2019-12-10 11:58:52
Question: I am working on a document management application, which users should be able to access folders in oneDrive, sometimes work on the same document/file, edit, copy document in application and upload document from application to the oneDrive. And it means that folder should be available to all users who have the right. I could make all works when I am using my own personal account, for example I am using this url for getting list of files from a folderX: "https://graph.microsoft.com/v1.0/me/drive/root:

On premise Active Directory ObjectId is different than Azure Active Directory ObjectId

心已入冬 submitted on 2019-12-10 11:30:14
Question: We have an on premise active directory that syncs with our azure active directory. Groups are made in the on premise AD and when I look at the objectGUID in the Attribute Editor tab I see one value but when I try to use that value in the Azure Graph API to get a group (after the sync has occurred) I get this { "odata.error": { "code": "Request_ResourceNotFound", "message": { "lang": "en", "value": "Resource '26b4c97f-68ad-4f8e-95d8-58ab4b8377e2' does not exist or one of its queried reference

How to create app registration using Azure SDK

▼魔方 西西 submitted on 2019-12-10 10:05:47
Question: I need to create an app registration with Azure AD using Azure SDK (or using rest api call, if it's not possible with SDK) normally you do it manually using portal: or calling Azure CLI command az ad app create How can I do it from SDK or REST service? Answer 1: There are 2 possible ways to do this. You can pick what works based on your scenario. Microsoft Graph API Beta Endpoint Microsoft Graph API Beta endpoint and working with Application resource (as answered by Jean-Marc Prieur earlier too).

Azure Active Directory - MVC application best practices to store the access token

大憨熊 submitted on 2019-12-10 09:25:42
Question: I've set up a simple MVC Application using Azure Active Directory (AAD). I need to query the AAD Graph API in order to manage application roles and groups from my application. In the Startup class, I received the AccessToken like that: public void ConfigureAuth(IAppBuilder app) { AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier; app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new

Azure AD application with Global Administrator rights

荒凉一梦 submitted on 2019-12-08 15:19:31
So I am trying to set up an application on Azure AD that can, among other things, delete users. I have the application registered and use the client id and secret to gain the access token. I was able to give the application permissions to create users and that works fine, but when I go to delete over the graph API I get a 403 Insufficient privileges to complete the operation. I am trying this over the graph rest API. The user that I am attempting to delete was made through the rest call as well. The user is in the same tenant as the application, so I am not trying to delete users from multiple

Unable to “List channel messages” on Azure AD Graph API Beta

偶尔善良 submitted on 2019-12-08 08:50:44
Question: When I try to list channel messages I get: [...] "code": "UnknownError", "message": "Failed to execute backend request." [...] This error is for all teams I don't belong to. I have this error when trying to call the API from Microsoft Flow (with HTTP GET) but also with Graph Explorer: the account I used has FULL permission but still asks to check my permission: Failure - Status Code 403, 656ms Looks like you may not have the permissions for this call. Please modify your permissions And the