无法使用Microsoft Graph API更新Azure AD密码。

huangapple go评论99阅读模式
英文:

Cannot update Azure AD password with Microsoft Graph API

问题

以下是用于执行“PATCH”请求以更新用户密码的请求示例代码:

var token = TokenHelper.GetToken().AccessToken;
var client = new RestClient("https://graph.microsoft.com/v1.0/users/" + person.UserPrincipalName);
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer " + token);
request.AddParameter("application/json", "{
  \"passwordProfile\": {
    \"password\": \"" + person.NewPassword + "\"
  }
}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

如果我输入复杂密码,我会收到以下响应:

{
  "error": {
    "code": "Request_BadRequest",
    "message": "一个或多个属性包含无效值。",
    "innerError": {
      "request-id": "5d97b465-7b27-4328-b0d9-4e9112f2257e",
      "date": "2020-01-03T16:57:35"
    }
  }
}

如果我输入简单密码,我会收到以下响应:

{
  "error": {
    "code": "Request_BadRequest",
    "message": "指定的密码不符合密码复杂性要求。请提供不同的密码。",
    "innerError": {
      "request-id": "986fd0da-90d4-45c7-ba74-1ba2bec61956",
      "date": "2020-01-03T17:05:15"
    }
  }
}

如果我不输入密码,我的响应将是“204 No Content(成功)”,如果我更新其他字段(例如“mobileNumber”),它将正常工作。

英文:

The following is the request I'm using for the PATCH request for updating a user's password.

var token = TokenHelper.GetToken().AccessToken;
var client = new RestClient("https://graph.microsoft.com/v1.0/users/" + person.UserPrincipalName);
client.Timeout = -1;
var request = new RestRequest(Method.PATCH);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer " + token);
request.AddParameter("application/json", "{\n\"passwordProfile\": {\n \"password\": \"" + person.NewPassword + "\"\n}\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

If I type a complex password I get:

{
  "error": {
    "code": "Request_BadRequest",
    "message": "One or more properties contains invalid values.",
    "innerError": {
      "request-id": "5d97b465-7b27-4328-b0d9-4e9112f2257e",
      "date": "2020-01-03T16:57:35"
    }
  }
}

If I type a simple password I get:

{
  "error": {
    "code": "Request_BadRequest",
    "message": "The specified password does not comply with password complexity requirements. Please provide a different password.",
    "innerError": {
      "request-id": "986fd0da-90d4-45c7-ba74-1ba2bec61956",
      "date": "2020-01-03T17:05:15"
    }
  }
}

If I type no password my response is a 204 No Content (success) and it is working fine if I update other fields(i.e. mobileNumber).

答案1

得分: 1

为了更改用户的密码,您需要使用授权码或隐式OAuth授权进行身份验证。此外,您需要请求委托范围 Directory.AccessAsUser.All。根据文档

在更新 passwordProfile 属性时,需要以下权限:Directory.AccessAsUser.All

您还应将 forceChangePasswordNextSignIn 设置为 true

英文:

In order to change a user's password, you need to authenticate using either the Authorization Code or Implicit OAuth grant. In addition, you need to request the delegated scope Directory.AccessAsUser.All. From the documentation:

> When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.

You should also set forceChangePasswordNextSignIn to true.

huangapple
  • 本文由 发表于 2020年1月4日 01:08:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/59582558.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定