Microsoft Graph,上载到共享驱动器:呼叫者未通过身份验证 [英] Microsoft Graph, upload to sharepoint drive: The caller is not authenticated
问题描述
此应用在托管在 localhost 上的我的应用程序上的工作:
This work on my application hosted on localhost:
"https://graph.microsoft.com:443/v1.0/sites/test.sharepoint.com,edc2dd46-cea8-4b10-a872-cd1a55ba4529,b14c0787-d4c1-4f4a-9a6c-7e010d794be9/drives/b!Rt3C7ajOEEuocs0aVbpFKYcHTLHB1EpPmmx-AQ15S-nygMtHkkWNRaaOc2GebusJ/items/01VI7PMEF6Y2GOVW7725BZO354PWSELRRZ?%24filter=folder ne null&%24select=id%2cfolder%2cname%2cparentReference%2cwebUrl"
"https://graph.microsoft.com:443/v1.0/sites/test.sharepoint.com,edc2dd46-cea8-4b10-a872-cd1a55ba4529,b14c0787-d4c1-4f4a-9a6c-7e010d794be9/drives/b!Rt3C7ajOEEuocs0aVbpFKYcHTLHB1EpPmmx-AQ15S-nygMtHkkWNRaaOc2GebusJ/items/01VI7PMEF6Y2GOVW7725BZO354PWSELRRZ?%24filter=folder ne null&%24select=id%2cfolder%2cname%2cparentReference%2cwebUrl"
"https://graph.microsoft.com:443/v1.0/sites/test.sharepoint.com,edc2dd46-cea8-4b10-a872-cd1a55ba4529,b14c0787-d4c1-4f4a-9a6c-7e010d794be9/drives/b!Rt3C7ajOEEuocs0aVbpFKYcHTLHB1EpPmmx-AQ15S-nygMtHkkWNRaaOc2GebusJ/root:/Presentation.en-GB.pptx:/microsoft.graph.createUploadSession"
但是当我将应用程序作为Web应用程序上载到Azure上的生产服务器上时.
But when I have uploaded the application on production server on azure as webapp.
我通过尝试通过ID查找共享点站点并创建上传会话而收到此错误.
I get this error by trying to find sharepoint site by id and creating upload session.
外部: Microsoft.Graph.ServiceException:代码:itemNotFound 消息:找不到资源.
Outer: Microsoft.Graph.ServiceException: Code: itemNotFound Message: The resource could not be found.
内部: Microsoft.Graph.ServiceException:代码:未经身份验证 消息:呼叫者未通过身份验证.
Inner: Microsoft.Graph.ServiceException: Code: unauthenticated Message: The caller is not authenticated.
为什么它可以在localhost而不是我的azure应用程序上工作? 对于开发和生产,应用程序注册不同,但是权限相同.
Why does it work on localhost and not my azure app? The app registration are different for development and production but the permissions are same.
我知道的唯一区别是,我后来添加了 Sites.Read.All 权限,而不是在
The only difference I know is that I added Sites.Read.All permission later and not when I registered the app for the production in https://apps.dev.microsoft.com/.
我正在使用Microsoft Graph客户端来获取访问令牌. 我也尝试删除所有脱机令牌,但是它不起作用.
I am using the Microsoft Graph client to get get the access token. I have also tried to delete all offline-tokens but it does not work.
如果我记得添加权限 Sites.Read.All 时没事,我收到了新的同意请求.
If I remember right when I added the permission Sites.Read.All I got a new consent request.
在应用程序中启用的权限: 电子邮件,Files.Read,Files.ReadWrite,File.ReadWrite.AppFolder,offline_access,openid,配置文件,Site.Read.All,User.Read
Permission enabled in the app: email, Files.Read, Files.ReadWrite, File.ReadWrite.AppFolder, offline_access, openid, profile, Site.Read.All, User.Read
有什么问题吗?
生产登录名:
{
typ: "JWT",
alg: "RS256",
kid: "VWVIc1WD1Tksbb301sasM5kOq5Q"
}.
{
aud: "f53962c3-2bd4-4302-adcf-49d9a93ccef0",
iss: "https://login.microsoftonline.com/GUID/v2.0",
iat: 1502142424,
nbf: 1502142424,
exp: 1502146324,
aio: "ATQAy/8DAAAAo99zdMc3jCP7sR8Zw0iKijdu1Nv2AeJOpJ65OHtXb0o8QjTm9O320mHxIAv5tWJw",
c_hash: "APreKq7N3Y0oG8SP6ipZdA",
name: "First name Last name",
nonce: "636377394901824543.ZWQ4MGVkYmEtYTMzMS00ZDUyLTgzZmYtYWFjMmRkNWRjNzhhNTAxMWUyYzItOGNhNi00N2IzLTk5MGEtMTVmYTlhYzBkNDVk",
oid: "4f64d4db-8115-4f19-8554-bedf20688226",
preferred_username: "firstname.lastname@company.com",
sub: "rxGHRTX9YHogzaC_HgOmXvoKJ0Xye6Rk5HPAjLphQRc",
tid: "34e9a1f3-23e1-4ead-b2fd-41660c25cc47",
ver: "2.0"
}.
本地登录:
{
typ: "JWT",
alg: "RS256",
kid: "VWVIc1WD1Tksbb301sasM5kOq5Q"
}.
{
aud: "36d2abdd-2363-4ff9-b597-77d41e0e3b81",
iss: "https://login.microsoftonline.com/GUID/v2.0",
iat: 1502173871,
nbf: 1502173871,
exp: 1502177771,
aio: "ATQAy/8EAAAA2JCq8vpq6La3M0KIKWw1vgJOfhDQyurYRhbCR47qSjByGzPkyZX0zi5y9uYCQS+q",
c_hash: "3JkkVwHgmYiHvR-gVdb22w",
name: "First name Last name",
nonce: "636377709651517241.MDNkOWNhYzMtYjk4NC00OTBkLWI2Y2EtYzU5NmM0NWZjOGExNWQxZmU3MTgtN2RhYS00NjVlLTkwZDgtZjIwOGY4NTcyNTZi",
oid: "4f64d4db-8115-4f19-8554-bedf20688226",
preferred_username: "firstname.lastname@company.com",
sub: "MRN4y1TZ-qG1uxrL7ozf8KbBm0VbcbH7djaKK187qH8",
tid: "34e9a1f3-23e1-4ead-b2fd-41660c25cc47",
ver: "2.0"
}.
也请阅读注释以获取更多详细信息.
推荐答案
我通过使用 http://calebb找到了错误. net/登录后的令牌.
I found the error by using http://calebb.net/ on the token after the login.
Azure应用程序注册缺少权限 Files.ReadWrite.All ,但开发人员都没有,但是权限以某种方式包含在范围中.
The Azure app registration was missing a permission, Files.ReadWrite.All but development did neither have it, but the permissions was somehow included in the scope.
在Azure中遇到问题?如果我没记错的话,我已经在应用程序注册中包含了很多权限,然后删除了其中的大多数权限,包括Files.ReadWrite.All.
Bug in Azure? If I remember correct I had included lot of permissions in the app registration and then removed most of them including Files.ReadWrite.All.
即使我的WebApp在范围和应用程序注册中未包含权限,对于每个应用程序注册,现有用户的权限Files.ReadWrite.All仍保留在范围中.这就是为什么它可以在开发环境中工作的原因.
Even when my WebApp did not include the permission in the scope and the app registration, the permission Files.ReadWrite.All was kept in the scope for existing users per app registration. Which is why it works on the development environment.
谢谢Marc LaFleur-MSFT.
Thank you Marc LaFleur - MSFT.
这篇关于Microsoft Graph,上载到共享驱动器:呼叫者未通过身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
