无法使用GraphServiceClient创建具有应用程序身份的在线会议 [英] Fail to create online meeting with application identity with GraphServiceClient

问题描述

我正在使用Azure AD的应用程序身份并同时授予读写权限，我还运行了Grant-CsApplicationAccessPolicy，以便该应用程序身份有权代表Azure AD的真实用户身份创建在线会议

I'm using an application identity from Azure AD with both read write permission granted, I've also run the Grant-CsApplicationAccessPolicy so that the application identity has right to create online meeting on behalf of a real user identity from Azure AD

我知道我的设置适用于来自图api的获取用户.但是，运行以下命令后出现错误:

I know my setup works with get user from the graph api. However, I'm getting error after running the following:

            var confidentialClient = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithAuthority($"https://login.microsoftonline.com/{tenantId}/v2.0")
                .WithClientSecret(clientSecret)
                .Build();

            GraphServiceClient graphServiceClient =
                new GraphServiceClient("https://graph.microsoft.com/beta", new DelegateAuthenticationProvider(async (requestMessage) =>
                {

                        var authResult = await confidentialClient
                            .AcquireTokenForClient(scopes)
                            .ExecuteAsync();

                        requestMessage.Headers.Authorization =
                            new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
                })
                    );

                var onlineMeeting = new OnlineMeeting
                {
                    StartDateTime = DateTimeOffset.Parse("2020-12-25T21:30:34.2444915+00:00"),
                    EndDateTime = DateTimeOffset.Parse("2020-12-25T22:00:34.2464912+00:00"),
                    Subject = "User Token Meeting 1"
                    
                };

                var meetingInstance = await graphServiceClient.Me.OnlineMeetings
                    .Request()
                    .AddAsync(onlineMeeting);

错误消息如下，为什么会显示 在AAD中按用户ID查找用户失败 ?

The error message is as follow, why would it say User look up by user id failed in AAD?

状态:未找到(404)OperationId:8d06ff01-1dc3-49d1-9ced-9db6a919b162

Status: NotFound (404) OperationId: 8d06ff01-1dc3-49d1-9ced-9db6a919b162

ClientCorrelationId:53b4478e-ba86-48ca-bb5b-25e5ef50c187

ClientCorrelationId: 53b4478e-ba86-48ca-bb5b-25e5ef50c187

服务器错误:在AAD中按用户ID查找用户失败.

Server error: User lookup by user id failed in AAD.

客户端异常:HTTP请求的处理导致异常.有关详细信息，请参见此异常的'Response'属性返回的HTTP响应.

Client exception: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details.

内部错误:

其他数据:

日期:2020-12-16T21:08:31

date: 2020-12-16T21:08:31

request-id:d60858cf-5ef5-4a0d-8d67-181f80ed6c35

request-id: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

client-request-id:d60858cf-5ef5-4a0d-8d67-181f80ed6c35

client-request-id: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

ClientRequestId:d60858cf-5ef5-4a0d-8d67-181f80ed6c35

ClientRequestId: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

(HttpRequestMessage请求，HttpCompletionOptioncompleteOption，CancellationToken cancelledToken)在Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject，CancellationToken cancelToken，HttpCompletionOptioncompleteOption)在Microsoft.Graph.BaseRequest.SendAsync [T](对象serializableObject，CancellationToken cancelToken，HttpCompletionOption完成选项)在D:\ VSTS \ msteam \ MSTeam \ MSTeam \ Program.cs:line 62的MSTeam.Program.Main(String [] args)中

at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken) at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption) at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption) at MSTeam.Program.Main(String[] args) in D:\VSTS\msteam\MSTeam\MSTeam\Program.cs:line 62

推荐答案

Dev是正确的.

基于此

使用应用程序令牌时的请求: POST/users/{userId}/onlineMeetings .

因此，您应在此处使用 graphServiceClient.Users ["{userId}"].OnlineMeetings 而不是 graphServiceClient.Me.OnlineMeetings .

So you should use graphServiceClient.Users["{userId}"].OnlineMeetings instead of graphServiceClient.Me.OnlineMeetings here.

userId 是用户的对象ID.当您

userId is the object ID of a user. When you Configure application access policy, you need to grant the policy to the user:

Grant-CsApplicationAccessPolicy -PolicyName Test-policy -Identity "ddb80e06-92f3-4978-bc22-a0eee85e6a9e"

ddb80e06-92f3-4978-bc22-a0eee85e6a9e 正是 userId .

我的代码供您参考:

        // Configure the MSAL client as a confidential client
        var confidentialClient = ConfidentialClientApplicationBuilder
            .Create("{client_id}")
            .WithTenantId("{tenant_id}")
            .WithClientSecret("{client_secret}")
            .Build();

        ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClient);

        GraphServiceClient graphServiceClient = new GraphServiceClient(authProvider);

        var onlineMeeting = new OnlineMeeting
        {
            StartDateTime = DateTimeOffset.Parse("2021-01-12T21:30:34.2444915+00:00"),
            EndDateTime = DateTimeOffset.Parse("2021-01-12T22:00:34.2464912+00:00"),
            Subject = "User Token Meeting123"
        };

        var meeting = await graphServiceClient.Users["{userId}"].OnlineMeetings
            .Request()
            .AddAsync(onlineMeeting);

这篇关于无法使用GraphServiceClient创建具有应用程序身份的在线会议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！