Change Azure AD B2C User Password with Graph API
Question
I'm trying to use the Sample Graph API app to change a user's password but I'm getting:
Error calling the Graph API, response:
{
"odata.error": {
"code": "Authorization_RequestDenied",
"message": {
"lang": "en",
"value": "Insufficient privileges to complete the operation."
}
}
}
Graph API request:
PATCH /mytenant.onmicrosoft.com/users/some-guid?api-version=1.6 HTTP/1.1
client-request-id: ffd564d3-d716-480f-a66c-07b02b0e32ab
date-time-utc: 2017.08.10 03:04 PM
JSON body:
{
"passwordProfile": {
"password": "Somepassword1$",
"forceChangePasswordNextLogin": false
}
}
I've tested updating the user's displayName and that works fine.
{
"displayName": "Joe Consumer"
}
AD App Permissions
I've configured my app permissions as described here.
Recommended answer
Check out this article. Seems like it has the same symptoms.
Solution 1:
If you are receiving this error when you call the API that includes only read permissions, you have to set permissions in the Azure Management Portal.
- Go to the Azure Management Portal and click Active Directory.
- Select your custom AD directory.
- Click "Applications" and select your application.
- Click "Configure" and scroll down to the "Permissions to other applications" section.
- Provide the required Application Permissions and Delegated Permissions for Windows Azure Active Directory.
- Finally, save your changes.
Solution 2:
If you are receiving this error when you call the API that includes delete or reset password operations, that is because those operations require the Admin role of Company Administrator. As of now, you can only add this role via the Azure AD PowerShell module.
- Find the service principal using Get-MsolServicePrincipal -AppPrincipalId
Get-MsolServicePrincipal | ft DisplayName, AppPrincipalId -AutoSize
- Add it to the Company Administrator role using Add-MsolRoleMember
$clientIdApp = 'your-app-id'   # the Application ID of the app that calls the Graph API
# Look up the service principal that represents the app in the B2C tenant
$webApp = Get-MsolServicePrincipal -AppPrincipalId $clientIdApp
# Add that service principal to the Company Administrator role
Add-MsolRoleMember -RoleName "Company Administrator" -RoleMemberType ServicePrincipal -RoleMemberObjectId $webApp.ObjectId
To connect to your B2C tenant via PowerShell you will need a local admin account. This blog post should help with that, see "The Solution" section.
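The Solution 2 procedure above (find the app's service principal, add it to the Company Administrator role), as an added, re-runnable script that is not part of the original answer. It checks existing membership before adding, so running it twice does not error, and it lists the role's members afterwards so you can see what else holds a role that can reset any user's password. It assumes the MSOnline module is installed and that you sign in with a local (onmicrosoft.com) admin account of the B2C tenant, as the answer notes; `$clientIdApp` is a placeholder for your own Application ID.

```powershell
# Added example, not from the original post. Assumes the MSOnline module and a
# local admin account in the B2C tenant; 'your-app-id' is a placeholder.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in with the B2C tenant's local admin account

$clientIdApp = 'your-app-id'            # placeholder: the app's Application ID
$roleName    = 'Company Administrator'  # role the answer says reset-password needs

# Resolve the service principal for the app in this tenant. Stop early if it is
# missing rather than letting Add-MsolRoleMember fail on a null ObjectId.
$sp = Get-MsolServicePrincipal -AppPrincipalId $clientIdApp -ErrorAction Stop
if (-not $sp) { throw "No service principal found for AppPrincipalId $clientIdApp" }

$role = Get-MsolRole -RoleName $roleName -ErrorAction Stop

# Check current membership so the script is safe to re-run.
$alreadyMember = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Where-Object { $_.ObjectId -eq $sp.ObjectId }

if ($alreadyMember) {
    Write-Host "'$($sp.DisplayName)' is already a member of '$roleName'."
} else {
    Add-MsolRoleMember -RoleName $roleName `
                       -RoleMemberType ServicePrincipal `
                       -RoleMemberObjectId $sp.ObjectId
    Write-Host "Added '$($sp.DisplayName)' to '$roleName'."
}

# Verify the change and audit who else holds the role: every member listed here
# can reset passwords for any user in the tenant.
Get-MsolRoleMember -RoleObjectId $role.ObjectId |
    Format-Table DisplayName, RoleMemberType, ObjectId -AutoSize
```

After the script reports the service principal as a member, retry the PATCH from the question; the `Authorization_RequestDenied` error should no longer be returned for the `passwordProfile` update. The final listing is worth keeping in your change record, since this role grants far more than password resets.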