Restrict Office365 App "Read mail in All mailboxes" permission to specific mailbox


Question

I'm trying to download emails through Office365 app in MVC web app. And I'm struggling with configuring app permissions on Azure Active directory. Permission says: "Read mail in All mailboxes" however I want to choose which mailboxes it can access/read.

Does anyone know how to be more specific in setting up permissions in AAD? Thanks for any help.

using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// App-only (client credentials) token for Microsoft Graph; SettingsHelper holds the app registration values.
string authority = "https://login.microsoftonline.com/" + SettingsHelper.TenantId + "/oauth2/token";

var credential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
AuthenticationContext authContext = new AuthenticationContext(authority);
var authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);
var graphserviceClient = new GraphServiceClient(
    new DelegateAuthenticationProvider(
           (requestMessage) =>
           {
               // Attach the app-only access token to every Graph request.
               requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authResult.AccessToken);

               return Task.FromResult(0);
           }));

//This is Ok. I want to read this.
var allowedEmails = await graphserviceClient.Users["xxx@mydom.com"].Messages.Request().GetAsync();

//This is forbidden. I want to restrict this on AAD level.
var disabledEmails = await graphserviceClient.Users["yyy@mydom.com"].Messages.Request().GetAsync();


Recommended answer

An app which uses the Client Credential flow to authenticate doesn't support restricting the app to reading specific emails.

But would you mind sharing the scenario you are working on? The Client Credential flow is used for the confidential app, which means the app is working in a safe environment. No malicious user could get the token to access the information you don't want to publish. So you can just limit the resource in your own app. Hope it is helpful.
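The answer's suggestion of limiting the resource inside the app itself, as an added C# example that is not part of the original question or answer: an allow-list of mailbox addresses is checked before any Graph call, so the app-only token (which AAD grants for all mailboxes) is only ever used against the mailboxes the operator configured. `MailboxAllowList`, `RestrictedMailReader`, `MailboxAccessDeniedException` and the `AllowedMailboxes` setting are assumed names; the Graph SDK calls are the same `Users[...].Messages.Request().GetAsync()` shape as the question's code.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Graph;

// Assumed names (not from the question): MailboxAllowList, RestrictedMailReader,
// MailboxAccessDeniedException. The Graph SDK calls match the question's code.

public sealed class MailboxAccessDeniedException : Exception
{
    public MailboxAccessDeniedException(string mailbox)
        : base("Mailbox is not on the application's allow-list: " + mailbox) { }
}

public sealed class MailboxAllowList
{
    private readonly HashSet<string> _allowed;

    // Addresses come from configuration (e.g. an assumed "AllowedMailboxes" setting), never from the request.
    public MailboxAllowList(IEnumerable<string> allowedMailboxes)
    {
        _allowed = new HashSet<string>(
            allowedMailboxes
                .Where(m => !string.IsNullOrWhiteSpace(m))
                .Select(m => m.Trim()),
            StringComparer.OrdinalIgnoreCase); // UPNs compare case-insensitively
    }

    public bool IsAllowed(string mailbox) =>
        !string.IsNullOrWhiteSpace(mailbox) && _allowed.Contains(mailbox.Trim());
}

public sealed class RestrictedMailReader
{
    private readonly GraphServiceClient _graph;
    private readonly MailboxAllowList _allowList;
    private readonly Action<string> _audit;

    public RestrictedMailReader(GraphServiceClient graph, MailboxAllowList allowList, Action<string> audit)
    {
        _graph = graph;
        _allowList = allowList;
        _audit = audit ?? (_ => { });
    }

    // The only code path that touches Graph: every caller goes through the allow-list check first.
    public async Task<IUserMessagesCollectionPage> GetMessagesAsync(string mailbox)
    {
        if (!_allowList.IsAllowed(mailbox))
        {
            // Record the denied attempt; an unexpected mailbox here means a bug or an abused endpoint.
            _audit("DENIED mailbox read: " + mailbox);
            throw new MailboxAccessDeniedException(mailbox);
        }

        _audit("ALLOWED mailbox read: " + mailbox);
        return await _graph.Users[mailbox].Messages.Request().GetAsync();
    }
}

// Usage (graphserviceClient built with client credentials as in the question):
//
// var reader = new RestrictedMailReader(
//     graphserviceClient,
//     new MailboxAllowList(new[] { "xxx@mydom.com" }),   // loaded from app configuration
//     line => Console.WriteLine(line));
//
// var allowedEmails = await reader.GetMessagesAsync("xxx@mydom.com");  // reaches Graph
// var deniedEmails  = await reader.GetMessagesAsync("yyy@mydom.com");  // throws before any Graph call
```

The check runs before the token is used, so the restriction holds even though the token itself is valid for every mailbox, and the audit callback makes unexpected mailbox names visible in the app's logs. Because the token stays tenant-wide, the client secret has to remain server-side and out of any client-reachable code, which is the condition the answer's "safe environment" remark depends on.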
