Accessing the Azure Graph API using Application Identity -

-

i'm working azure graph api, , notice can't read directories have signed via consent framework.

everything works user-level permissions. is, with

private async task<string> acquiregraphapitokenasync(string objectid, authenticationcontext authcontext) {     var result = await authcontext.acquiretokensilentasync(         graphurl, _clientcredential, new useridentifier(objectid, useridentifiertype.uniqueid));     return result.accesstoken; }

i can read client data follows:

var authority = string.format(cultureinfo.invariantculture, aadinstance, tenantid); var authcontext = new authenticationcontext(authority, new tokendbcache(userobjectid)); var graphserviceroot = graphurl + '/' + tenantid; var graphclient = new activedirectoryclient(new uri(graphserviceroot), async () => await acquiregraphapitokenasync(userobjectid, authcontext)); try {     var aduser = await graphclient.me.executeasync();     ... }

sometimes, however, want run similar process in daemon, , fall trouble. in case, need use application identity:

private void auditdirectories(clientcredential clientcredential, ienumerable<azureactivedirectory> directories) {     foreach (var directory in directories)     {         var authcontext = new authenticationcontext(string.format(cultureinfo.invariantculture, aadinstance, directory.domain));         var result = authcontext.acquiretoken(graphurl, clientcredential);         var graphserviceroot = string.format("{0}/{1}", graphurl, directory.tenantid);         var graphclient = new activedirectoryclient(new uri(graphserviceroot), () => task.fromresult(result.accesstoken));         foreach (var user in _userquery.office365users(directory))         {             checkthataccountexistsandisenabled(graphclient, user);         }     } }

the incoming clientcredential argument obtained client id , client secret of multi-tenant app.

my app has delegated permissions "read directory data" , "enable sign-on , read user's profiles". has application permissions "read directory data" , "read , write directory data", although don't need latter. however, not allow me query graph api. user queries, such as

graphclient.users.where(u => u.displayname == username).executeasync().result.currentpage.firstordefault()

throw error "insufficient privileges complete operation".

it looks delegated access user identity working without problems, access application identity failing, despite fact have set application permissions @ app level.

i think question misleading in current form. can obtain tokens both user , application identity- , can both things using both acquiretoken , acquiretokensilent. applications cans configured in directory request different privileges depending on whether access resources application identity or delegated access user identity.

in example obtaining tokens user in acquiretokensilent call , app in acquiretoken one, , different privileges configured in app 2 cases lead difference in behavior observed. however, difference dictated overloads used, not inherent difference between acquiretokensilent , acquiretoken.

you can configure app have access azure ad graph api via application permissions drop down (as opposed delegated ones) in portal, note need tenant admin able so.


Comments

Post a Comment

Popular posts from this blog

Fail to load namespace Spring Security http://www.springframework.org/security/tags -

-
i have problem namespace of spring security on xhtml page. don't understand why can't load uri, , have following issue: whitelabel error page application has no explicit mapping /error, seeing fallback. tue jul 21 16:58:12 utc 2015 there unexpected error (type=not found, status=404). please need help! possible uri has been changed? best regards you using incorrect namespace url. correct url http://www.springframework.org/schema/security the error page seeing spring source website since not recognize url. try visiting http://www.springsource.org/security/tags in browser update : spring security tags used in jsp page correct tag lib declaration is: <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
Read more

sql - MySQL query optimization using coalesce -

-
can explain me why second query faster first? (first 1 takes around 40 seconds, second 1 less 0.1) select releases.feature_code, releases.platform_id, version, release_date, general_available, uri, filesize, display_name, feature_name.full_name, if ((select exists(select 1 release_exceptions releases.feature_code = release_exceptions.feature_code , releases.platform_id = release_exceptions.platform_id , releases.version = release_exceptions.version) = 1), 1, 0) release_exceptions releases left outer join platform using(platform_id) left outer join feature_name using(feature_code) order version desc; ~~~ query 2 ------------------ ~~~ select feature_code, version, release_date, general_available, platform_id, uri, filesize, display_name, feature_name.full_name, coalesce(release_exceptions, 0) release_exceptions mus.releases left outer join ( select distinct feature_code, version, platform_id, 1 release_exceptions mus.release_exceptions ) release_exceptions using ...
Read more

unity3d - Unity local avoidance in user created world -

-
i'm using unity3d networked multiplayer online game have large complex 3d terrain scene forest, trees, cliff, hills, mountains, bounders, etc. players can build structures sort of minecraft, , put them anywhere in scene, or move them around anytime. aside human controlled players, there automated ai players , objects animals roaming around scene following path. the problem how make these automated ai players , animals, able navigate around static , dynamic player created structures, because path follow can blocked player created structures, or other players , other ai objects, cliffs etc. have find away around them or on track if tumble down off high cliff example. so made navmesh , used navagents, takes care of static, non moving objects, how make ai players navigate around each other , dynamic structures created players can number in hundreds? i thought of adding navmeshobstacle everything, result in being attached hundreds of objects since user created structures b...
Read more