在应用模式下通过 Microsoft Graph 访问 AD 用户 OneDrive for Business [英] Access AD users OneDrive for Businesses through Microsoft Graph in app-mode
问题描述
在应用模式下运行时,是否可以使用 Microsoft Graph API 访问用户 OneDrive for Business 文件夹和文件?
Is it possible to use the Microsoft Graph API to access a users OneDrive for Business folders and files when running in app-mode?
我已经成功地在 Azure AD 中配置了应用程序(使用证书等),我已经能够获得不记名令牌,并且我还成功地从某些端点请求数据.但是:我无法使用用户 OneDrive for Business 文件夹或文件.
I've successfully configured the app in Azure AD (with certificate, etc.), I've been able to get bearer token and I've also successfully requested data from certain endpoints. However: I am are not able to work with the users OneDrive for Business folders or files.
在其他情况下,我一直在使用服务帐户(具有完全管理权限的用户帐户)对用户 OneDrives 中的文件夹和文件执行 CRUD 操作,但这需要我检查(并设置)所有文件夹的权限和文件之前任何 CRUD 操作,并在文件和文件夹权限设置中向用户公开服务帐户.使用应用模式下的 Graph API,我认为所有这些问题都会消失?
In other cases I’ve been using a service account (a user account with full administrative privileges) to perform CRUD operations on folders and files in the users OneDrives, but this requires me to check (and set) permissions on all folders and files before any CRUD operation and also exposes the service account to the users in file and folder permission settings. With the Graph API in app-mode I assume that all these issues goes away?
我有一些有效的例子,更重要的是,一些无效的例子:
I have some examples on what works, and more importantly, some that doesen’t:
graph.microsoft.com/v1.0/users
返回没有问题的用户列表.
graph.microsoft.com/v1.0/users
Returns a list of users without issues.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER
没有问题地返回有关指定用户的信息.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER
Returns information about the specified user without issues.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER/drive
返回有关指定用户驱动器的信息,没有问题.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER/drive
Returns information about the specified users drive without issues.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER/drive/root
返回有关指定用户驱动器根目录的信息,没有问题.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER/drive/root
Returns information about the specified users drive root without issues.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER/drive/root/children
未按预期返回有关指定用户驱动根子级的信息.
graph.microsoft.com/v1.0/users/UPN-PLACEHOLDER/drive/root/children
Does not return information about the specified users drive root children as expected.
graph.microsoft.com/v1.0/drives/UPN-PLACEHOLDER/root/children
未按预期返回有关指定用户驱动根子级的信息.
graph.microsoft.com/v1.0/drives/UPN-PLACEHOLDER/root/children
Does not return information about the specified users drive root children as expected.
graph.microsoft.com/v1.0/drives/DRIVE-ID-PLACEHOLDER/root/children
未按预期返回有关指定用户驱动根子级的信息.
graph.microsoft.com/v1.0/drives/DRIVE-ID-PLACEHOLDER/root/children
Does not return information about the specified users drive root children as expected.
其他说明:
- 如果我使用普通用户帐户和 «/me» 关键字登录,或者如果我使用服务帐户(具有完全管理权限)和 UPN 到其他用户帐户,但在应用模式下,所有这些端点都会按预期工作对于 UPN,所有比 root 更深层次的信息请求(即 root/children 或特定文件夹)都会返回 empy.
- 我们已尝试同时处理 SDK 抽象和纯 HTTP 请求,但均未成功.
- 我们尝试了很多不同的应用权限组合,目前所有权限都已开启
推荐答案
你不能这样做的原因是我们还没有公开任何仅限应用程序访问 OneDrive 文件的权限.这是我们正在努力并希望很快公开的事情.请继续关注我们的博文,我们会在添加此功能时通知大家.
The reason you can't do this is that we don't yet expose any app-only permissions to access OneDrive files. This is something we are working on and hope to expose very soon. Please stay tuned to our blog posts where we'll let folks know when this capability is added.
希望这会有所帮助,
这篇关于在应用模式下通过 Microsoft Graph 访问 AD 用户 OneDrive for Business的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
