如何使用具有应用程序权限的 Micosoft Graph v1.0 正确创建在线会议?我收到禁止回复

本文介绍了如何使用具有应用程序权限的 Micosoft Graph v1.0 正确创建在线会议?我收到禁止回复的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

是否有人成功地使用 CreateOrGet 对 Microsoft Graph v1.0 的请求来使用应用程序权限创建在线会议?我在 Azure 门户上创建了应用程序，并使用客户端 ID 和机密声明并初始化 GraphServiceClient.

我有一个服务(Hangfire Server)，它在没有用户交互的情况下执行后台和不同步的进程和通知.其中一项功能是让此服务器将带有嵌入式链接的组织通信发送到在线团队会议.为此，我正在尝试使用客户端凭据流

我的令牌中有以下权限:

角色":[OnlineMeetings.Read.All"，OnlineMeetings.ReadWrite.All"，用户.读取.全部"],

第一列有删减的权限名称，但是必要的delegate和应用权限都在那里，虽然前几天截图没有包括User.Read.All的应用权限.我已获得管理员对应用程序权限的同意.您看到的名称是目录名称.

我正在使用带有以下代码的客户端凭据提供程序:

//客户端凭据-应用app = ConfidentialClientApplicationBuilder.Create(config.Value.ClientId).WithTenantId(config.Value.Tenant).WithClientSecret(config.Value.ClientSecret).建造();var scopes = new string[] { "graph.microsoft/.default";};graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) =>{//检索 Microsoft Graph 的访问令牌(如果需要，获取新令牌).authResult = 等待应用.AcquireTokenForClient(范围).ExecuteAsync();//在 API 请求的 Authorization 标头中添加访问令牌.requestMessage.Headers.Authorization =new AuthenticationHeaderValue(Bearer", authResult.AccessToken);_logger.LogInformation("GraphClient 中包含的令牌:"+ authResult.AccessToken);}));OnlineMeeting onlineMeeting = new OnlineMeeting() {.....}var user = await graphClient.Users[{userPrincipalName}].Request().GetAsync();//<-- 这适用于 User.Read.All 权限_logger.LogInformation("用户:" + JsonConvert.SerializeObject(user, serializerSettings));string meetingId = Guid.NewGuid().ToString();OnlineMeeting createdMeeting = await graphClient.Users[user.Id].OnlineMeetings.CreateOrGet(meetingId, null, onlineMeeting.EndDateTime,onlineMeeting.Participants, onlineMeeting.StartDateTime,onlineMeeting.Subject).Request().PostAsync();//<-- 这不起作用，我收到了 ServiceException

这是我得到的错误:

状态码:禁止响应体:{错误":{代码":禁止"，消息":应用程序无权代表该用户创建或获取在线会议.",内部错误":{日期":2021-03-26T15:55:22"，请求 ID":6e8466cb-807a-44df-93bf-27d42c413e44"，客户端请求 ID":6e8466cb-807a-44df-93bf-27d42c413e44"}}}

是否有任何关于可能是什么问题的线索?

解决方案

您可能错过了以下文档中提到的注释:

文档:docs.microsoft/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http

创建应用程序访问策略步骤:docs.microsoft/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http>

Has anyone successfully used the CreateOrGet request to Microsoft Graph v1.0 to create an Online Meeting using Application permissions? I had the Application created on the Azure Portal, and with the client id and secret declare and initialize the GraphServiceClient.

I have a service(Hangfire Server) which without user interaction does background and out of sync processes and notifications. One of the features is for this server to send organizational communications with embedded links to online Teams meetings. For this, I'm trying to use Client Credential flow

I have the following permissions in my token:

"roles": [ "OnlineMeetings.Read.All", "OnlineMeetings.ReadWrite.All", "User.Read.All" ],

The first column has the names of the permissions cut, but the necessary delegate and application permissions are all there, although the screenshot taken a couple of days ago doesn't include the application permission for User.Read.All. I have the Admin's consent on the Application permissions. The name you see painted out is the Directory name.

I'm using the Client Credentials Provider with the following code:

//Client Credentials - Application app = ConfidentialClientApplicationBuilder .Create(config.Value.ClientId) .WithTenantId(config.Value.Tenant) .WithClientSecret(config.Value.ClientSecret) .Build(); var scopes = new string[] { "graph.microsoft/.default" }; graphClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => { // Retrieve an access token for Microsoft Graph (gets a fresh token if needed). authResult = await app .AcquireTokenForClient(scopes) .ExecuteAsync(); // Add the access token in the Authorization header of the API request. requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); _logger.LogInformation("Token included in GraphClient: " + authResult.AccessToken); }) ); OnlineMeeting onlineMeeting = new OnlineMeeting() {.....} var user = await graphClient.Users[{userPrincipalName}].Request().GetAsync(); //<-- This works with the User.Read.All permission _logger.LogInformation("User: " + JsonConvert.SerializeObject(user, serializerSettings)); string meetingId = Guid.NewGuid().ToString(); OnlineMeeting createdMeeting = await graphClient.Users[user.Id].OnlineMeetings.CreateOrGet(meetingId, null, onlineMeeting.EndDateTime, onlineMeeting.Participants, onlineMeeting.StartDateTime,onlineMeeting.Subject).Request().PostAsync(); //<-- This doesn't work, and I'm getting a ServiceException

This is the error I get:

StatusCode: Forbidden ResponseBody: { "error": { "code": "Forbidden", "message": "Application does not have permission to CreateOrGet online meeting on behalf of this user.", "innerError": { "date": "2021-03-26T15:55:22", "request-id": "6e8466cb-807a-44df-93bf-27d42c413e44", "client-request-id": "6e8466cb-807a-44df-93bf-27d42c413e44" } } }

Any clues as to what might be the problem?

解决方案

You might have missed below note which is mentioned in documentation:

Documentation: docs.microsoft/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http

Create application access policy steps: docs.microsoft/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http