问题描述
使用 Microsoft Graph API,我能够获得 Azure Active Directory 租户中所有用户的列表,并确定他们是否有个人资料图片.然后我想获取没有照片的用户列表并为他们上传一张,但是即使我使用的帐户对所有用户帐户具有完全访问权限并且应用程序设置为具有完全权限,API 也会返回 403 错误到图形 API.
Using the Microsoft Graph API I was able to get a list of all users in our Azure Active Directory tenant and determine if they have a profile picture. I wanted to then take the list of users without a photo and upload one for them, but the API returns a 403 error even though the account I'm using has full access to all of the user accounts and the application is setup with full permissions to the Graph API.
using (HttpClient client = new HttpClient())
{
client.BaseAddress = new Uri("https://graph.microsoft.com/");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("image/jpeg"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", oauthToken);
// HTTP GET
HttpResponseMessage response = await client.PatchAsync($"v1.0/users/{emailAddress}/photo/$value", byteContent);
if (!response.IsSuccessStatusCode)
{
throw new Exception("Error!");
}
}
403 禁止
是否无法使用 Graph API 执行此操作,还是我在某处缺少权限?
Is it not possible to do this using the Graph API or am I missing a permission somewhere?
SCP 值为:Calendars.Read Calendars.ReadWrite Contacts.Read Contacts.ReadWrite Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All email Exchange.Manage Files.Read Files.Read.Selected Files.ReadWrite Files.ReadWrite.AppFolder Files.ReadWrite.Selected full_access_as_user Group.Read.All Group.ReadWrite.All Mail.Read Mail.ReadWrite Mail.Send MailboxSettings.ReadWrite Notes.Create Notes.Read Notes.Read.All Notes.ReadWrite Notes.ReadWrite.All Notes.ReadWrite.CreatedByApp offline_accessopenid People.Read People.ReadWrite profile Sites.Read.All Tasks.Read Tasks.ReadWrite User.Read User.Read.All User.ReadBasic.All User.ReadWrite User.ReadWrite.All
The SCP value is: Calendars.Read Calendars.ReadWrite Contacts.Read Contacts.ReadWrite Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All email Exchange.Manage Files.Read Files.Read.Selected Files.ReadWrite Files.ReadWrite.AppFolder Files.ReadWrite.Selected full_access_as_user Group.Read.All Group.ReadWrite.All Mail.Read Mail.ReadWrite Mail.Send MailboxSettings.ReadWrite Notes.Create Notes.Read Notes.Read.All Notes.ReadWrite Notes.ReadWrite.All Notes.ReadWrite.CreatedByApp offline_access openid People.Read People.ReadWrite profile Sites.Read.All Tasks.Read Tasks.ReadWrite User.Read User.Read.All User.ReadBasic.All User.ReadWrite User.ReadWrite.All
推荐答案
首先,您应该看一下在//Build 2016 期间发布的新 Microsoft Graph SDK这是 Microsoft Graph SDK 的 Github:https://github.com/microsoftgraph
这是我创建的完整示例,使用它:https://github.com/Mimetis/NextMeetingsForGraphSample
First of all, you should take a look at the new Microsoft Graph SDK, released during //Build 2016
Here is the Github of Microsoft Graph SDK : https://github.com/microsoftgraph
Here is a full sample I ve created, using it :
https://github.com/Mimetis/NextMeetingsForGraphSample
对于您的问题,以下是我编写的两种方法,它们对我有用:我假设,您有一种方法可以获取有效的访问令牌.
For your question, here are two methods I've written, which worked for me : I assume, you have a method to get a valid access token.
using (HttpClient client = new HttpClient())
{
var authResult = await AuthenticationHelper.Current.GetAccessTokenAsync();
if (authResult.Status != AuthenticationStatus.Success)
return;
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + authResult.AccessToken);
Uri userPhotoEndpoint = new Uri(AuthenticationHelper.GraphEndpointId + "users/" + userIdentifier + "/Photo/$value");
StreamContent content = new StreamContent(image);
content.Headers.Add("Content-Type", "application/octet-stream");
using (HttpResponseMessage response = await client.PutAsync(userPhotoEndpoint, content))
{
response.EnsureSuccessStatusCode();
}
}
如果您使用 Microsoft Graph SDK,那将非常简单:)
If you use the Microsoft Graph SDK, it will be really straightforward :)
GraphServiceClient graphService = new GraphServiceClient(AuthenticationHelper.Current);
var photoStream = await graphService.Users[userIdentifier].Photo.Content.Request().PutAsync(image); //users/{1}/photo/$value
Seb
这篇关于Microsoft Graph API 更新其他用户的照片?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!