Microsoft Graph and access without a user

2019-07-31 17:35发布

问题:

I'm trying to upload and download files in my sharepoint online using a background task (daemon) that runs frequently in my ASP.NET Core app. Because it's a background task, no user identity is used. Instead, I tried to follow this document, getting an access token using the https://graph.microsoft.com/.default scope, as well as having my enterprise app on azure having particular permissions already granted by the admin.

I'm able to get an access token using my app's client id and secret. However when I try to request the drives on a particular site on sharepoint, it just stalls, hinting me that it can't reach the path. I can reach this same path totally fine when I use my user credentials instead.

I think I may be missing a step or some azure administration-related task. Below is the code snippet that shows I can get the access token, but stalls when getting the drives.

var client = new ConfidentialClientApplication(id, uri, cred, null, new SessionTokenCache());
var authResult = await client.AcquireTokenForClientAsync(new[] {"https://graph.microsoft.com/.default"});
var token = authResult.AccessToken;  // get token successfully
var graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async request => {request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token)}));
// stalls below
var drives = await graphServiceClient.Sites[<sharepoint_host>].SiteWithPath(<known_path>).Drives.Request().GetAsync(); 

Using Microsoft Graph SDK within an ASP.NET Core 2 app.

Edit: Below is an updated screenshot showing application permissions added and consented:

回答1:

Based on your image you have granted delegated permissions to the app. You need to grant application permissions. Delegated permissions only apply when acting on behalf of a user.