azure-ad-graph-api

Azure Graph API Authentication_MissingOrMalformed

夙愿已清 submitted on 2019-12-22 12:19:54
Question: I am using Azure Graph API to import users from Azure AD. In the Azure portal I have added multiple Applications. I am getting clientId, tenantId from portal and creating a secret key with one year expiry. Using these values I am creating an access_token and using that token connecting to AD. Here is the code: public static String loginUrlPrefix = "https://login.windows.net/"; public static String loginUrlSufix = "/oauth2/token"; public static String importUrl = "https://management.core

Regarding admin consent for Group Permission Scope in Microsoft Graph API

大憨熊 submitted on 2019-12-22 11:21:13
Question: Currently the Azure AD application delegated permissions "Group.Read.All" and "Group.ReadWrite.All" require admin consent. Refer: http://graph.microsoft.io/en-us/docs/overview/release_notes /////snip from the below URL///// Group permission scopes The Microsoft Graph exposes two permission scopes (Group.Read.All and Group.ReadWrite.All) for access to groups APIs. These permission scopes must be consented to by an administrator (which is a change from preview). In the future we plan to add

Deleting an Application's AppRole in Azure Active Directory

萝らか妹 submitted on 2019-12-22 05:59:56
Question: Removing an AppRole from an Application’s manifest produces a 400 Bad Request with the error Property value cannot be deleted unless it is disabled first. When I set the isEnabled property to false and then hit save, I get a successful save with a 200 OK looking at the browser's developer tools: After reloading the Edit manifest screen the isEnabled property is still true and if you look at the PUT response in the browser's developer tools, it's coming back as true there too. How can I remove

Creating a B2C user with MFA that can immediately login

隐身守侯 submitted on 2019-12-22 01:36:31
Question: I use the following PowerShell to create B2B users for an app that doesn't allow self signup. The tenant allows self service password resets and requires MFA. # B2C allows you to sign in either with your user name or email address (not both for some reason) $SignInNames = @( (New-Object ` Microsoft.Open.AzureAD.Model.SignInName ` -Property @{Type = "userName"; Value = $UserName}), (New-Object ` Microsoft.Open.AzureAD.Model.SignInName ` -Property @{Type = "emailAddress"; Value = $EmailAddress}

Inheritance sec rules violated by type: 'System.Net.Http.WebRequestHandler'.

こ雲淡風輕ζ submitted on 2019-12-22 01:33:51
Question: I am trying to access Active Directory data through graph API. I am getting the following error on running the application. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: "System.TypeLoadException: Inheritance security rules violated by type: 'System.Net.Http.WebRequestHandler'. Derived types must either match the security

Azure AD prompt user/admin to re-consent after changing application permissions

喜欢而已 submitted on 2019-12-21 20:44:02
Question: I am building a SaaS app that will be authenticating users using Azure AD. Let's say I am asking for just 1 delegated permission from user during consent prompt and user accepts it. Later on my app evolves and needs to get more delegated permissions. In that case how do I re-prompt the user with the consent page? I would like to do this only once when the permissions are changing. Do I need to track in my app what permissions each user has consented to and then determine to add the prompt=admin

How can I authenticate to AAD and call the Graph API as a Daemon Application with PowerShell?

狂风中的少年 submitted on 2019-12-20 07:43:19
Question: I am trying to do some very quick tests on Azure Active Directory, and I want to use a Daemon Application to access the Graph API without needing a user present to authenticate. I want to verify that my application registration can successfully authenticate to AAD, that my client secret is valid, and make calls to the AAD Graph API. I have registered a "Web App/API" in my directory already, and I have set it up to have the appropriate permissions to call the AAD Graph API in the App Only

New Azure AD application doesn't work until updated through management portal

社会主义新天地 submitted on 2019-12-20 06:39:22
Question: I have created a new application in Azure AD using the AAD Graph API. (code) Unfortunately it doesn't let my client access the requested resources until I have been to the application's configuration page in the Azure management portal and made a cosmetic change, and then saved it. After removing the change and saving again, it still works. The application manifest files before the change + change back steps and after them are completely identical (as in diff.exe says they are the same). When

How to acquire a user based token from Azure Graph API

匆匆过客 submitted on 2019-12-20 05:43:28
Question: I have an Azure Active Directory and in my Web Api I have a piece of code that I can get a token from Azure Graph Api using the Application that I have registered with Azure and a Client Certificate. Here is the code that I use right now: public static string AcquireServiceToken() { var authority = string.Format(_authority, "common"); var authContext = new AuthenticationContext(authority); var result = authContext.AcquireToken(_serviceTokenResourceId, new ClientAssertionCertificate(

Using Microsoft graph to read all users calendars

冷暖自知 submitted on 2019-12-20 05:12:09
Question: I gave my application the following scopes: SCOPES = [ "Calendars.Read", "User.Read.All" ] I got an access token. With this token I am able to get the users and I get two users back which is correct. When I then ask for the calendar of myself (admin): https://graph.microsoft.com/v1.0/users/stijn@temponia.onmicrosoft.com/calendarview?startDateTime=#{start_date.to_s}&endDateTime=#{end_date.to_s} This also works perfectly. However when I do this for the other user: https://graph.microsoft.com/v1