2

我想查看几个用户的日历。因此,我需要仅限应用程序访问(因为应用程序需要比登录用户更多的权限)。

使用“旧”API,可以按照以下说明进行操作:https ://msdn.microsoft.com/en-us/office/office365/howto/building-service-apps-in-office-365

使用新的 Microsoft Graph API,这似乎不起作用。有没有办法使这项工作?我想将 Microsoft Graph API 用于我在应用程序中需要的所有 Office 365 API 函数。

提前致谢!

(编辑:包括错误消息。)

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:AADSTS70002:验证凭据时出错。AADSTS50012:客户端断言包含无效签名。跟踪 ID:718db531-d789-4b45-ae9d-c2e53f3786fd 相关 ID:6a157ae5-7dc3-4470-81c0-f410e14f9c04 时间戳:2015-11-27 12:40:33Z ---> System.Net.WebException:Der Remoteserver hat einen Fehler zurückgegeben:(401)Nicht autorisiert。北 System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

我给予了完整的委托和完整的应用程序权限。这是我得到的令牌:

{"token_type":"Bearer","expires_in":"3599","scope":"Calendars.Read Calendars.ReadWrite Contacts.Read Contacts.ReadWrite Directory.AccessAsUser.All Directory.Read Directory.Read.All Directory.ReadWrite.All Directory.Write Files.Read Files.Read.All Files.Read.Selected Files.ReadWrite Files.ReadWrite.All Files.ReadWrite.AppFolder Files.ReadWrite.Selected full_access_as_user Group.Read.All Group.ReadWrite.All Mail.Read Mail.ReadWrite Mail.Send Notes.Create Notes.Read Notes.Read.All Notes.ReadWrite Notes.ReadWrite.All Notes.ReadWrite.CreatedByApp offline_access openid People.Read People.ReadWrite Sites.Read.All Tasks.ReadWrite User.Read User.Read.All User.ReadBasic.All User.ReadWrite User.ReadWrite.All user_impersonation","expires_on":"1448974661","not_before":"1448970761","resource":"https://graph.microsoft.com/","pwd_exp":"582983","pwd_url":"https://portal.microsoftonline.com/ChangePassword.aspx","access_token":"eyJ---------zQXg","refresh_token":"AAABAA--------pYSAA","id_token":"eyJ0eXAi-------4wIn0."}

除了我的日历之外,我无权阅读其他日历。

编辑:我无法获得 App-Token ...这是我的代码(App-Token 在我不使用新的图形 api 之前工作过)

        string authority = appConfig["AuthorizationUri"].Replace("common", appConfig["ida:TenantId"]);
        AuthenticationContext authenticationContext = new AuthenticationContext(authority, false);
        string certfile = appConfig["o365_CertPath"];

        X509Certificate2 cert = new X509Certificate2(certfile, // password for the cert file containing private key 
                                                    appConfig["o365_CertPassword"],
                                                    X509KeyStorageFlags.MachineKeySet);

        ClientAssertionCertificate cac = new ClientAssertionCertificate(appConfig["ida:ClientId"], cert);

        AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync("https://outlook.office365.com", cac);
        this.currentAccessToken = authenticationResult.AccessToken;

我通过 AcquireTokenAsync 尝试了不同的端点。我总是收到错误消息:

{"AADSTS70002: 验证凭据时出错。AADSTS50012: 客户端断言包含无效签名。\r\n跟踪 ID: 6fe2a6bd-77d3-47a8-83d4-e10aea69b88a\r\n相关 ID: 53071578-1c16-4c17-8f77-fc5821c18d4b\r\ n时间戳:2015-12-02 08:05:25Z"}

再次感谢

4

1 回答 1

0

我有一个类似的问题。我使用的是 PnP 站点的 Create-SelfSignedCertificate.ps1。我改用 Makecert,一切正常。基本上在这里遵循理查兹的确切说明http://blogs.msdn.com/b/richard_dizeregas_blog/archive/2015/05/03/performing-app-only-operations-on-sharepoint-online-through-azure-ad.aspx

于 2016-01-29T18:41:32.353 回答