为什么是“应用程序权限"?已在Azure AD的“请求API权限"中禁用? [英] Why is "Application permissions" disabled in Azure AD's "Request API permissions"?

问题描述

我正在尝试授予控制台应用程序权限以在Azure AD中调用API.

I'm trying to give a console app permission to call an API in Azure AD.

当我转到添加权限"时，应用程序权限"显示为灰色，我只能选择授权权限".

When I go to "Add permissions," "application permissions" is grayed out and I can only select "delegated permissions."

我的理解是，应用程序权限适用于控制台应用程序，因为它在后端运行，并且用户未登录.

My understanding is that application permissions is right for the console app because it runs on the back-end and users don't sign into it.

从应用程序权限"的帮助文本中:

From the help text for "application permissions":

您的应用程序在没有登录用户的情况下作为后台服务或守护程序运行.

Your application runs as a background service or daemon without a signed-in user.

授权权限"的帮助文本:

The help text for "delegated permissions":

您的应用程序需要以登录用户身份访问API.

Your application needs to access the API as the signed-in user.

为什么禁用应用程序权限"?

Why is "application permissions" disabled?

推荐答案

根据我的理解，您将公开受Azure AD保护的自定义api.如果是这样，您需要通过编辑api应用的清单来定义应用权限.

Per my understanding, you are exposing your custom api protected by Azure AD. If so, you need to define the application permission by editing the manifest of your api app.

清单:

"appRoles": [
        {
            "allowedMemberTypes": [
                "Application"
            ],
            "description": "Apps that have this role have the ability to invoke my API",
            "displayName": "Can invoke my API",
            "id": "fc803414-3c61-4ebc-a5e5-cd1675c14bbb",
            "isEnabled": true,
            "lang": null,
            "origin": "Application",
            "value": "myTestRole"
        }
    ]

然后将显示应用程序许可权.

Then the application permission will show up.

这篇关于为什么是“应用程序权限"?已在Azure AD的“请求API权限"中禁用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！