尝试检索 AccessToken 时出现以下错误。
/MicrosoftGraph/Authorise?error=access_denied&error_description=AADSTS65005%3a+The+client+application+has+requested+access+to+resource+%27https%3a%2f%2fgraph.microsoft.com%2f%27.+This+request+已+失败+因为++客户端+已+未+指定+此+资源+in+其+requiredResourceAccess+列表。%0d%0aTrace+ID%3a+7cd46ad3-d294-41ad-98ec-6ef06db7a0db%0d%0a相关性+ID%3a+4e2a6d3b-b3dd-4a98-b36d-550d8f8c3382%0d%0aTimestamp%3a+2016-01-27+10%3a40%3a12Z
这是... graph.microsoft.com 此请求失败,因为客户端未在其 requiredResourceAccess 列表中指定此资源
它是 Azure Active Directory 中的多租户应用程序。我可以使用我的一个电子邮件 ID 成功登录,但不能使用另一个。
我哪里错了?我错过了什么?
代码片段:
public ActionResult Login() {
....
Uri authUri = authContext.GetAuthorizationRequestURL(
MicrosoftGraphSettings.O365UnifiedAPIResource,
MicrosoftGraphSettings.ClientId,
loginRedirectUri,
UserIdentifier.AnyUser,
null);
string authUriAsString = authUri.ToString();
return Redirect(authUriAsString);
}
public async Task<ActionResult> Authorise()
{
Uri loginRedirectUri = new Uri(Url.Action("Authorise", "MicrosoftGraph", null, Request.Url.Scheme));
var authContext = new AuthenticationContext(MicrosoftGraphSettings.AzureADAuthority);
var authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
Request.Params["code"],
loginRedirectUri,
new ClientCredential(MicrosoftGraphSettings.ClientId, MicrosoftGraphSettings.ClientSecret),
MicrosoftGraphSettings.O365UnifiedAPIResource);
}
我试过以下
public static string O365UnifiedAPIResource = @"https://graph.microsoft.com/";
//public static string O365UnifiedAPIResource = @"https://graph.windows.net/";
使用第二个,身份验证成功,但每当我使用现有代码访问 OneDrive for business 帐户中的文件列表或创建文本文件时,它都会在进行 API 调用时引发未经授权的异常。