EWS error message: "403: Forbidden - Not enough scopes"


Problem description

Last week I asked a question here about EWS, where I got the error message saying:

401: Unauthorized - Invalid access token

I managed to resolve this error by using an X.509 certificate instead of client credentials (client id and client secret from AAD). Now, with the use of the certificate, I receive a new error message saying:

403: Forbidden - not enough scopes

I believe this has something to do with the permissions in AAD?

My permissions are as follows (only one permission):

Application Permissions: Read and write email from all mailboxes

How I get the access token:

//Create the certificate file, using the path (certFile), password (certPassword) and the MachineKeySet
X509Certificate2 cert = new X509Certificate2(certFile, certPassword, X509KeyStorageFlags.MachineKeySet);

//Create the ClientAssertionCertificate using the clientID and the actual certificate
ClientAssertionCertificate cac = new ClientAssertionCertificate(clientID, cert);

//Retrieve the access token using the serverName and client assertion
authenticationResult = authenticationContext.AcquireToken(serverName, cac);

//authenticationResult = authenticationContext.AcquireToken(serverName, cc);

ExchangeService exchange = new ExchangeService(ExchangeVersion.Exchange2013);
exchange.Url = new Uri(serverName + "ews/exchange.asmx");
exchange.TraceEnabled = true;
exchange.TraceFlags = TraceFlags.All;
exchange.Credentials = new OAuthCredentials(authenticationResult.AccessToken);

When calling the FindItems method like this:

ItemView view = new ItemView(5);
view.PropertySet = new PropertySet(BasePropertySet.IdOnly);

var tempId = id.Replace('-', '/').Replace('_', '+');
SearchFilter.IsEqualTo searchid = new SearchFilter.IsEqualTo(ItemSchema.Id, tempId);

// This results in a FindItem call to EWS.
FindItemsResults<Microsoft.Exchange.WebServices.Data.Item> results = exchange.FindItems(WellKnownFolderName.Inbox, searchid, view);

the error occurs.

Could someone explain what could cause this sort of error?

Recommended answer

Only Office 365 REST APIs support granular access such as "Read and write email from all mailboxes". For EWS, you need the permission "Use Exchange Web Services with full access to all mailboxes". Let us know if you have trouble finding this permission.
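
One way to see which application permission an app-only token actually carries before calling EWS, as an added example that is not part of the original question or answer. It assumes the token is a JWT whose `roles` claim lists the granted application permissions and that `full_access_as_app` is the role value behind "Use Exchange Web Services with full access to all mailboxes"; the class and method names are hypothetical and the sample tokens are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class TokenRoleCheck   // hypothetical helper, not part of ADAL or the EWS Managed API
{
    // Assumed "roles" value for "Use Exchange Web Services with full access to all mailboxes".
    public const string EwsAppRole = "full_access_as_app";

    // Decodes the JWT payload (base64url middle segment) for diagnosis only.
    // The signature is NOT verified here; Exchange validates the token itself.
    public static List<string> GetRoles(string accessToken)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature");

        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));

        var roles = new List<string>();
        using (JsonDocument doc = JsonDocument.Parse(json))
        {
            // App-only tokens carry the granted application permissions in "roles".
            if (doc.RootElement.TryGetProperty("roles", out JsonElement claim)
                && claim.ValueKind == JsonValueKind.Array)
                foreach (JsonElement role in claim.EnumerateArray())
                    roles.Add(role.GetString());
        }
        return roles;   // empty when the claim is missing, e.g. a delegated token
    }

    public static bool CanCallEws(string accessToken) =>
        GetRoles(accessToken).Contains(EwsAppRole);

    // Builds an unsigned sample token around a constructed payload.
    static string SampleToken(string payloadJson) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson))
                     .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        string mailOnly = SampleToken("{\"roles\":[\"Mail.ReadWrite\"]}");
        string ewsFull = SampleToken("{\"roles\":[\"full_access_as_app\"]}");
        Console.WriteLine("Mail.ReadWrite only -> EWS allowed: " + CanCallEws(mailOnly));
        Console.WriteLine("full_access_as_app  -> EWS allowed: " + CanCallEws(ewsFull));
    }
}
```

In the question's code, `authenticationResult.AccessToken` can be passed to `CanCallEws` right after `AcquireToken`; a false result means the token lacks the EWS permission the answer names.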
