如何解决图形API StatusCode:403,
我一直在尝试从下面的代码中获取访问令牌。并且一直在使用此令牌从Graph REST API获取数据。传递此令牌时,我无法接收数据,并显示403错误
public static async Task Main(string[] args)
{
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create("")
.WithTenantId("fd49eed930e2db05de")
.WithClientSecret("W9gF..e7JJ_q37Q9z_E3")
.Build();
var scopes = new string[] { "https://graph.microsoft.com/.default" };
var authResult = await confidentialClientApplication.AcquireTokenForClient(scopes).ExecuteAsync();
string token = authResult.AccessToken;
await CallWebApiAndProcessResultASync("https://graph.microsoft.com/v1.0/users",token,Display);
}
public static async Task CallWebApiAndProcessResultASync(string webApiUrl,string accessToken,Action<JObject> processResult)
{
if (!string.IsNullOrEmpty(accessToken))
{
using (HttpClient HttpClient = new HttpClient())
{
var defaultRequestHeaders = HttpClient.DefaultRequestHeaders;
if (defaultRequestHeaders.Accept == null || !defaultRequestHeaders.Accept.Any(m => m.MediaType == "application/json"))
{
HttpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
}
defaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer",accessToken);
HttpResponseMessage response = await HttpClient.GetAsync(webApiUrl);
if (response.IsSuccessStatusCode)
{
string json = await response.Content.ReadAsStringAsync();
JObject result = JsonConvert.DeserializeObject(json) as JObject;
Console.ForegroundColor = ConsoleColor.Gray;
processResult(result);
}
else
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine($"Failed to call the Web Api: {response.StatusCode}");
string content = await response.Content.ReadAsStringAsync();
Console.WriteLine($"Content: {content}");
}
Console.ResetColor();
}
}
}
private static void Display(JObject result)
{
foreach (JProperty child in result.Properties().Where(p => !p.Name.StartsWith("@")))
{
Console.WriteLine($"{child.Name} = {child.Value}");
}
}
请注意,我是Azure管理员。
解决方法
您是否已针对Microsoft graph API检查了AAD应用程序的权限?
根据List Users的文档,我们需要以下权限之一才能调用此API:
User.Read.All,User.ReadWrite.All,Directory.Read.All,Directory.ReadWrite.All
您可以引用此document使权限名称与作用域名称匹配。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。