Insufficient privileges to complete the operation

2019-02-15 06:15发布

Following the code outlined here:

https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console/blob/master/GraphConsoleAppV3/Program.cs#L810

but using a Service Principal to authenticate one will get a Insufficient Privileges error when trying to create the application on

client.Applications.AddApplicationAsync(appObject).Wait();

with token exchange like the following:

var context = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}");
var token = context.AcquireToken("https://graph.windows.net", new ClientCredential(clientId, secret));    
var client = new ActiveDirectoryClient(new Uri($"https://graph.windows.net/{tenantId}"),()=>Task.FromResult(token.AccessToken));

1条回答
Emotional °昔
2楼-- · 2019-02-15 06:31

its required that the application has been given the Administrator role that currently seem only possible to add using the powershell tools for azure AD: https://msdn.microsoft.com/library/azure/jj151815.aspx#bkmk_installmodule

and using connect-msolservice and using your Azure Ad Administrator user login when prompted.

  1. connect-msolservice
  2. Get-MsolServicePrincipal –AppPrincipalId {appId}
  3. Add-MsolRoleMember -RoleMemberType ServicePrincipal -RoleName 'Company Administrator' -RoleMemberObjectId {objectID}

where the objectID is the output of the 2 command

查看更多
登录 后发表回答