问题
I was planning to use Azure AD Graph API but then noticed on the Microsoft docs about suggestions to use Microsoft Graph API.
Is there a documentation provided for changing a user's password?
string result = Task.Run(async() => { return await GetAccessToken(); }).GetAwaiter().GetResult();
var graphserviceClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
(requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", result);
return Task.FromResult(0);
}));
var changePasswordRequest = graphserviceClient.Me.ChangePassword("oldpassword", "newpassword");
However I don't think this is sufficient. Any documentation available?
回答1:
You could update passwordProfile property to change the current user's password . Please refer to below code :
await graphClient.Me.Request().UpdateAsync(new User
{
PasswordProfile = new PasswordProfile
{
Password = "YourPassword",
ForceChangePasswordNextSignIn = false
},
});
And according to documentation, one of the following scopes is required to execute this API: User.ReadWrite User.ReadWrite.All Directory.ReadWrite.All.
Edit: The documentation has been updated with the following note:
When updating the
passwordProfileproperty, the following scope is required:Directory.AccessAsUser.All.
回答2:
See here:
https://blogs.msdn.microsoft.com/aaddevsup/2018/10/17/unable-to-modify-user-email-phone-number-password-or-other-personal-information-for-azure-active-directory-users/
If you call this from an app/api, you'll need to assign an AD role to the serviceprincipal of the application.
来源:https://stackoverflow.com/questions/43625460/change-password-for-azure-ad-using-microsoft-graph