英文:
Cannot update Azure AD password with Microsoft Graph API
问题
以下是用于执行“PATCH”请求以更新用户密码的请求示例代码:
var token = TokenHelper.GetToken().AccessToken;
var client = new RestClient("https://graph.microsoft.com/v1.0/users/" + person.UserPrincipalName);
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer " + token);
request.AddParameter("application/json", "{
\"passwordProfile\": {
\"password\": \"" + person.NewPassword + "\"
}
}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
如果我输入复杂密码,我会收到以下响应:
{
"error": {
"code": "Request_BadRequest",
"message": "一个或多个属性包含无效值。",
"innerError": {
"request-id": "5d97b465-7b27-4328-b0d9-4e9112f2257e",
"date": "2020-01-03T16:57:35"
}
}
}
如果我输入简单密码,我会收到以下响应:
{
"error": {
"code": "Request_BadRequest",
"message": "指定的密码不符合密码复杂性要求。请提供不同的密码。",
"innerError": {
"request-id": "986fd0da-90d4-45c7-ba74-1ba2bec61956",
"date": "2020-01-03T17:05:15"
}
}
}
如果我不输入密码,我的响应将是“204 No Content(成功)”,如果我更新其他字段(例如“mobileNumber”),它将正常工作。
英文:
The following is the request I'm using for the PATCH request for updating a user's password.
var token = TokenHelper.GetToken().AccessToken;
var client = new RestClient("https://graph.microsoft.com/v1.0/users/" + person.UserPrincipalName);
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer " + token);
request.AddParameter("application/json", "{\n\"passwordProfile\": {\n \"password\": \"" + person.NewPassword + "\"\n}\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
If I type a complex password I get:
{
"error": {
"code": "Request_BadRequest",
"message": "One or more properties contains invalid values.",
"innerError": {
"request-id": "5d97b465-7b27-4328-b0d9-4e9112f2257e",
"date": "2020-01-03T16:57:35"
}
}
}
If I type a simple password I get:
{
"error": {
"code": "Request_BadRequest",
"message": "The specified password does not comply with password complexity requirements. Please provide a different password.",
"innerError": {
"request-id": "986fd0da-90d4-45c7-ba74-1ba2bec61956",
"date": "2020-01-03T17:05:15"
}
}
}
If I type no password my response is a 204 No Content (success) and it is working fine if I update other fields(i.e. mobileNumber).
答案1
得分: 1
为了更改用户的密码,您需要使用授权码或隐式OAuth授权进行身份验证。此外,您需要请求委托范围 Directory.AccessAsUser.All。根据文档:
在更新
passwordProfile属性时,需要以下权限:Directory.AccessAsUser.All。
您还应将 forceChangePasswordNextSignIn 设置为 true。
英文:
In order to change a user's password, you need to authenticate using either the Authorization Code or Implicit OAuth grant. In addition, you need to request the delegated scope Directory.AccessAsUser.All. From the documentation:
> When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.
You should also set forceChangePasswordNextSignIn to true.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论