Change Password for Azure AD using Microsoft Graph

Posted 2019-01-20 17:49

Question:

I was planning to use the Azure AD Graph API but then noticed suggestions in the Microsoft docs to use the Microsoft Graph API.

Is there documentation provided for changing a user's password?

string result = Task.Run(async() => { return await GetAccessToken(); }).GetAwaiter().GetResult();

var graphserviceClient = new GraphServiceClient(
    new DelegateAuthenticationProvider(
        (requestMessage) =>
        {
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", result);

            return Task.FromResult(0);
        }));

var changePasswordRequest = graphserviceClient.Me.ChangePassword("oldpassword", "newpassword");

However I don't think this is sufficient. Any documentation available?

Answer 1:

You could update the passwordProfile property to change the current user's password. Please refer to the code below:

await graphClient.Me.Request().UpdateAsync(new User
{
    PasswordProfile = new PasswordProfile
    {
        Password = "YourPassword",
        ForceChangePasswordNextSignIn = false
    },
});

And according to the documentation, one of the following scopes is required to execute this API: User.ReadWrite, User.ReadWrite.All, Directory.ReadWrite.All.

Edit: The documentation has been updated with the following note:

When updating the passwordProfile property, the following scope is required: Directory.AccessAsUser.All.



Answer 2:

See here:

https://blogs.msdn.microsoft.com/aaddevsup/2018/10/17/unable-to-modify-user-email-phone-number-password-or-other-personal-information-for-azure-active-directory-users/

If you call this from an app/API, you'll need to assign an AD role to the service principal of the application.
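
Added example, not part of either answer or of Microsoft's documentation: the `Me.ChangePassword(...)` call from the question carried through to an actual request, in the same pre-v5 Microsoft.Graph SDK style the page uses. `PasswordChange` and `ChangeOwnPasswordAsync` are hypothetical names, and the token is assumed to be a delegated (signed-in user) token carrying the Directory.AccessAsUser.All scope mentioned in answer 1.

```csharp
using System;
using System.Net;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class PasswordChange   // hypothetical helper, not SDK code
{
    // accessToken: assumed to be a delegated user token with the
    // Directory.AccessAsUser.All scope (assumption, see lead-in).
    public static async Task<bool> ChangeOwnPasswordAsync(
        string accessToken, string currentPassword, string newPassword)
    {
        var graphClient = new GraphServiceClient(
            new DelegateAuthenticationProvider(requestMessage =>
            {
                requestMessage.Headers.Authorization =
                    new AuthenticationHeaderValue("Bearer", accessToken);
                return Task.CompletedTask;
            }));

        try
        {
            // ChangePassword(...) only builds the request. Request().PostAsync()
            // is what sends POST /me/changePassword with both passwords.
            await graphClient.Me
                .ChangePassword(currentPassword, newPassword)
                .Request()
                .PostAsync();
            return true;
        }
        catch (ServiceException ex)
        {
            // Log the status and Graph error code only, never the passwords.
            // A 403 points at the token's permissions (scope note in answer 1).
            var hint = ex.StatusCode == HttpStatusCode.Forbidden
                ? " (check the delegated scopes on the token)"
                : string.Empty;
            Console.Error.WriteLine(
                $"Password change failed: {(int)ex.StatusCode} {ex.Error?.Code}{hint}");
            return false;
        }
    }
}
```

Unlike the passwordProfile update in answer 1, this call requires the user's current password, so the caller should collect both values at runtime rather than hard-coding them.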