【Question title】: MsalServiceException: AADSTS500011: The resource principal named https://graph.microsoft.com/v1.0 not found
【Posted】: 2020-12-26 12:28:06
【Question】:

Scope value = "https://graph.microsoft.com/.default" or "https://graph.microsoft.com/beta"

gives the following error in ASP.NET C#.

MsalServiceException: AADSTS500011: The resource principal named https://graph.microsoft.com/v1.0 was not found in the tenant named 'xxxxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Code:

        string clientId = AppClientID;
        string clientSecret = Secret;
        string redirectUri = System.Configuration.ConfigurationManager.AppSettings["redirectUri"];
        string authority = "https://login.microsoftonline.com/" + tenantID;              
        string[] scopes = new string[] { "https://graph.microsoft.com/.default" };        
        //string[] scopes = new string[] { "https://graph.microsoft.com/beta/.default" };        
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithRedirectUri(redirectUri)
            .WithClientSecret(clientSecret)
            .WithAuthority(authority)
            .Build();
        AuthorizationCodeProvider auth = new AuthorizationCodeProvider(app, scopes);
        GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>
        {           
            var authResult = app.AcquireTokenForClient(scopes).WithAuthority(authority, true).ExecuteAsync().Result.AccessToken.ToString();
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult);
        }));      
        var onlineMeeting = new OnlineMeeting
        {
            StartDateTime = DateTimeOffset.Parse("2021-07-12T21:30:34.2444915+00:00"),
            EndDateTime = DateTimeOffset.Parse("2021-07-12T22:00:34.2464912+00:00"),
            Subject = "My First MS Teams Meeting"
        };
        await graphServiceClient.Me.OnlineMeetings.Request().AddAsync(onlineMeeting);

【Question comments】:

  • Please change the scope to: https://graph.microsoft.com/.default
  • Using scope = graph.microsoft.com/.default. Posted the code in the question. Please check.
  • Still getting the same error? I don't see https://graph.microsoft.com/v1.0 anywhere in your code.
  • I'm new here, so thanks for the formatting, @Allen. When I try 'graph.microsoft.com/v1.0', I get that the parameter 'scope' is invalid. The scope graph.microsoft.com/v1.0 is not valid.
  • Don't use https://graph.microsoft.com/v1.0 or https://graph.microsoft.com/v1.0/.default. As Carl suggested, use https://graph.microsoft.com/.default. If you set the scope to https://graph.microsoft.com/.default, I don't think the error you posted here would occur.

Tags: c# asp.net azure-active-directory microsoft-graph-api


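【Solution 1】:
  1. If I set the "scope" to https://graph.microsoft.com/v1.0/.default, your problem can be reproduced, so be sure to set the "scope" to https://graph.microsoft.com/.default

  2. You cannot use the AcquireTokenForClient function to get a token in the auth code flow. It is generally used in the client credentials flow. That flow does not require a user to log in, so even if you use this function to get a token, it is incorrect. You can parse the token and see that it does not have the permissions you added in the portal. For the auth code flow, you should use AcquireTokenByAuthorizationCode to get the token, as Pamela said.

Use AcquireTokenByAuthorizationCode to get the token and parse it:

  3. Code: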

            string clientId = "{clientId}";
            string clientSecret = "{clientSecret}";
            string redirectUri = "{redirectUri}";
            string authority = "https://login.microsoftonline.com/{tenant id}";
            string authorizationCode = "code";

            string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

            IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithRedirectUri(redirectUri)
                .WithClientSecret(clientSecret)
                .WithAuthority(authority)
                .Build();

            AuthorizationCodeProvider auth = new AuthorizationCodeProvider(app, scopes);

            GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {

                // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
                var authResult = await app.AcquireTokenByAuthorizationCode(scopes, authorizationCode).ExecuteAsync();

                // Add the access token in the Authorization header of the API request.
                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);

            })
            );

            var onlineMeeting = new OnlineMeeting
            {
                StartDateTime = DateTimeOffset.Parse("2021-07-12T21:30:34.2444915+00:00"),
                EndDateTime = DateTimeOffset.Parse("2021-07-12T22:00:34.2464912+00:00"),
                Subject = "My First MS Teams Meeting"
            };

            await graphServiceClient.Me.OnlineMeetings.Request().AddAsync(onlineMeeting);

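【Comments】:

  • Thanks @Carl for the detailed explanation of using AcquireTokenByAuthorizationCode(). I don't know how to get the authorization code you showed below: 'var authResult = await app.AcquireTokenByAuthorizationCode(scopes, authorizationCode).ExecuteAsync();'. Please provide code to get the authorizationCode.
  • Hi @Carl, @Allen, @Pamela, I tried using app.AcquireTokenByAuthorizationCode(scopes, authorizationCode) to get the access token, with the scope you suggested, graph.microsoft.com/OnlineMeetings.ReadWrite. I was able to create the meeting successfully. But my concern is that I can't get the AuthorizationCode programmatically, so I got it manually from the browser. So please provide code to get the AuthorizationCode programmatically. Thanks a lot.
  • @sdsUser You can't get the code programmatically, because obtaining the code is an interactive process. The user must log in first, and the code has to be obtained dynamically in the browser.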
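
The answer above suggests parsing the token to see which permissions it carries. The following is an added example, not code from the thread: it shows how a v2.0 scope splits into resource and permission (why `v1.0/.default` produces the resource name in AADSTS500011) and how to tell a delegated token from an app-only one by its `scp` or `roles` claim. The class and method names are hypothetical and the sample token is constructed and unsigned.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

static class GraphTokenCheck
{
    // Azure AD v2.0 reads a scope as "<resource identifier>/<permission>":
    // everything before the last '/' is looked up as the resource principal.
    public static string ResourceOf(string scope)
    {
        int i = scope.LastIndexOf('/');
        return i < 0 ? scope : scope.Substring(0, i);
    }

    // Base64url-decode the JWT payload (second segment) for diagnosis only.
    // No signature check is done here; validating the token is the API's job.
    public static JsonElement Payload(string jwt)
    {
        string p = jwt.Split('.')[1].Replace('-', '+').Replace('_', '/');
        p = p.PadRight(p.Length + (4 - p.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(p));
        return JsonDocument.Parse(json).RootElement.Clone();
    }

    // Delegated (user) tokens carry "scp"; app-only tokens carry "roles".
    public static string Classify(JsonElement claims)
    {
        if (claims.TryGetProperty("scp", out var scp))
            return "delegated: " + scp.GetString();
        if (claims.TryGetProperty("roles", out var roles))
            return "app-only: " + string.Join(" ",
                roles.EnumerateArray().Select(r => r.GetString()));
        return "no permissions in token";
    }

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Scope that reproduces the error, then the scope the answer recommends.
        Console.WriteLine(ResourceOf("https://graph.microsoft.com/v1.0/.default"));
        Console.WriteLine(ResourceOf("https://graph.microsoft.com/.default"));

        // Constructed sample shaped like a client-credentials (app-only) token.
        string body = "{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"User.Read.All\"]}";
        var claims = Payload("e30." + B64Url(body) + ".sig");
        Console.WriteLine(claims.GetProperty("aud").GetString() + " -> " + Classify(claims));
    }
}
```

A token classified as app-only has no signed-in user behind it, so a `/me` request such as the one in the question needs a delegated token instead.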