azure-ad-graph-api

Graph API requests for guest users in Azure AD

喜你入骨 submitted on 2020-01-03 19:01:08
Question: I wanted to know how can we make graph API calls for guest users in Azure AD. I am able to achieve it for internal users using the API examples given here but the same calls are not working on guest user. Is there any difference in the way the requests need to be made? Answer 1: Guest accounts in your tenant will have a different user principal name than the UPN they have in their home tenant. You should be able to see evidence of this by querying all the users in your tenant, and finding the

Azure AD application with Global Administrator rights

只愿长相守 submitted on 2020-01-03 01:28:11
Question: So I am trying to set up an application on Azure AD that can, among other things, delete users. I have the application registered and use the client id and secret to gain the access token. I was able to give the application permissions to create users and that works fine, but when I go to delete over the graph API I get a 403 Insufficient privileges to complete the operation. I am trying this over the graph REST API. The user that I am attempting to delete was made through the rest call as

How to generate Azure Active Directory (AAD) authentication token for Graph API without interactive login screen for console/native application?

馋奶兔 submitted on 2020-01-02 09:54:33
Question: How to generate Azure Active Directory (AAD) authentication token for Graph API without interactive login screen for console/native application? Details: I am using Graph API to read emails with Azure Active Directory (AAD) with "Delegated" permissions. "Application" permission allows a user to read other mailboxes and there is no admin consent for this approach due to security concerns, so I am using "Delegated" permissions. My console/native application is registered to AAD. Since AAD

Programmatically assign users to Azure AD Application using Graph API

女生的网名这么多〃 submitted on 2020-01-02 06:59:52
Question: I am trying to write a script to assign users to an Azure AD application (servicePrincipal) using Graph API. I am testing this in my sandbox, where I have defined the app and assigned users to it. However, when I query the servicePrincipal, I don't see the users anywhere in the response. Questions: Based on the documentation, shouldn't there be appRoleAssignment? The documentation says this field is read-only, so how are you supposed to assign users? Answer 1: You can get the appRoleAssignments

Insufficient privileges to complete the operation when using service principal to create Azure AD Application

China☆狼群 submitted on 2019-12-30 07:11:22
Question: Following the code outlined here: https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console/blob/master/GraphConsoleAppV3/Program.cs#L810 but using a Service Principal to authenticate one will get an Insufficient Privileges error when trying to create the application on client.Applications.AddApplicationAsync(appObject).Wait(); with token exchange like the following: var context = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}"); var token = context

How do I send a value through AD-B2C using openid-Connect

可紊 submitted on 2019-12-25 16:58:12
Question: I am currently developing an application using AD-B2C as my identity provider. This is integrated into the solution using their guidelines at AD B2C graph, which uses openid-connect (to the best of my understanding at least). I need to use a form of email activation (outside of their register policy) and as such I need to be able to pass a value from the URL in the email, through the sign-up process at B2C and back to the redirection URL. I read somewhere that a parameter called "state" can

How do I send a value through AD-B2C using openid-Connect

老子叫甜甜 submitted on 2019-12-25 16:58:02
Question: I am currently developing an application using AD-B2C as my identity provider. This is integrated into the solution using their guidelines at AD B2C graph, which uses openid-connect (to the best of my understanding at least). I need to use a form of email activation (outside of their register policy) and as such I need to be able to pass a value from the URL in the email, through the sign-up process at B2C and back to the redirection URL. I read somewhere that a parameter called "state" can

unable to set sign on url and app Id url

末鹿安然 submitted on 2019-12-25 16:45:49
Question: I have created an app using apps.dev.microsoft.com. This app shows up in my Azure AD but when I am trying to set the value of the sign on url and the app id url from manage.windowsazure.com and clicking on the save button the save fails with error message: This request has a value that is not valid. I am putting "http://localhost/crm" as the value for APP ID URI and "http://localhost/crm" as value for SIGN-ON URL. Where am I going wrong? Answer 1: At present, the Azure AD v2.0 apps are managed

Azure web AD graph api with adal version 2 nuget package

流过昼夜 submitted on 2019-12-25 09:00:24
Question: I am trying to pull Azure AD user info using Azure AD graph API. Will graph API work with adal 2 nuget packages? The reason for this question is that my web application is using the below code for auth and works only with Adal2x versions using Microsoft.IdentityModel.Clients.ActiveDirectory. But Azure AD graph uses a different way to pull the token and it works only with adal3. AcquireTokenSilentAsync is part of adal3. AcquireTokenByAuthorizationCode is part of adal2 for authentication on startup. I have to

Graph API - Daemon App with Access to a Personal Microsoft Account (Azure AD V2.0 endpoint)

≯℡__Kan透↙ submitted on 2019-12-25 08:56:35
Question: I am trying to create a Daemon (code-only, server-only) app that can access my Personal Microsoft Account. I cannot figure out how to get an Access_Token that does not expire (or a refresh_token). I can create a working non-expiring (admin logs in only once) Daemon app for my Business (Office 365) Account using the "adminconsent" endpoint detailed here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-client-creds/ or here: https://blogs.msdn