Does Azure MSI support accessing Graph API?


Problem description



I have a VM created in Azure with MSI (Managed Service Identity) enabled and I also grant the contributor role of my subscription to the VM, so from this VM, I am able to call "localhost:50342" to get the access token and then use Azure Resource Manager API (endpoint: management.azure.com) to access Azure resources. Now when I tried to use the same way to access Azure Graph API (endpoint: graph.microsoft.com), I kept getting "[code] => Authorization_RequestDenied [value] => Insufficient privileges to complete the operation". So how am I able to grant permissions to the VM to access Azure Graph API when MSI is enabled? Thank you very much!

Solution

Microsoft Graph API is just a REST API endpoint where once you have an access token, you can utilize the access token to perform tasks. Typically, users have an Application within Azure AD that has a required resource of the Microsoft Graph API. If MSI does not do this type of process, then you will need to request an access token from an Application that has this resource or create your own HTTP request to retrieve an access token with Graph API Permissions from an existing AAD Application.

You may refer to this link - https://developer.microsoft.com/en-us/graph/docs/concepts/auth_overview
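An added example, not part of the original thread: a Python check that decodes an access token's claims to see whether it is addressed to Microsoft Graph and carries any permission claim, which is what to inspect first when Graph answers Authorization_RequestDenied. The tokens are constructed samples, and the function names and audience list are assumptions of this example.

```python
import base64
import json

# Audience values Azure AD uses for Microsoft Graph tokens (resource URI and app ID).
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "https://graph.microsoft.com/",
    "00000003-0000-0000-c000-000000000046",
}


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose_graph_token(token):
    """Return the reasons Graph would refuse this token; empty list if none found."""
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud", "")
    if aud not in GRAPH_AUDIENCES:
        problems.append(f"audience is {aud!r}, not Microsoft Graph")
    # App-only tokens carry application permissions in 'roles'; delegated ones use 'scp'.
    if not claims.get("roles") and not claims.get("scp"):
        problems.append("no 'roles' or 'scp' claim: identity holds no Graph permissions")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Azure AD token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples: an ARM token, a Graph token with no permissions, one with a role.
ARM_TOKEN = make_sample_token({"aud": "https://management.azure.com/"})
BARE_GRAPH_TOKEN = make_sample_token({"aud": "https://graph.microsoft.com"})
GRANTED_TOKEN = make_sample_token(
    {"aud": "https://graph.microsoft.com", "roles": ["Directory.Read.All"]})
```

The decode skips signature verification on purpose, so use it only to read a token you obtained yourself, never to decide whether to trust one.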



