为什么是“应用程序权限"在 Azure AD 的“请求 API 权限"中禁用? [英] Why is "Application permissions" disabled in Azure AD's "Request API permissions"?
问题描述
我正在尝试授予控制台应用在 Azure AD 中调用 API 的权限.
当我去添加权限"时,应用程序权限"是灰色的,我只能选择委托权限".
我的理解是应用程序权限适用于控制台应用程序,因为它在后端运行,用户无需登录.
来自应用程序权限"的帮助文本:
<块引用>您的应用程序在没有登录用户的情况下作为后台服务或守护程序运行.
委托权限"的帮助文本:
<块引用>您的应用程序需要以登录用户的身份访问 API.
为什么禁用应用程序权限"?
根据我的理解,您正在公开受 Azure AD 保护的自定义 API.如果是这样,您需要
清单:
"appRoles": [{允许的成员类型":[应用"],"description": "具有此角色的应用程序可以调用我的 API","displayName": "可以调用我的 API","id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",已启用":真,朗":空,"origin": "应用程序",值":myTestRole"}]然后会显示应用权限.
I'm trying to give a console app permission to call an API in Azure AD.
When I go to "Add permissions," "application permissions" is grayed out and I can only select "delegated permissions."
My understanding is that application permissions is right for the console app because it runs on the back-end and users don't sign into it.
From the help text for "application permissions":
Your application runs as a background service or daemon without a signed-in user.
The help text for "delegated permissions":
Your application needs to access the API as the signed-in user.
Why is "application permissions" disabled?
Per my understanding, you are exposing your custom api protected by Azure AD. If so, you need to define the application permission by editing the manifest of your api app.
manifest:
"appRoles": [
{
"allowedMemberTypes": [
"Application"
],
"description": "Apps that have this role have the ability to invoke my API",
"displayName": "Can invoke my API",
"id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
"isEnabled": true,
"lang": null,
"origin": "Application",
"value": "myTestRole"
}
]
Then the application permission will show up.
这篇关于为什么是“应用程序权限"在 Azure AD 的“请求 API 权限"中禁用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
