我正在尝试通过 MVC Web 应用程序中的 Office365 应用程序下载电子邮件。我正在努力在 Azure Active Directory 上配置应用程序权限。权限说:“阅读所有邮箱中的邮件”,但是我想选择它可以访问/读取哪些邮箱。
有谁知道如何更具体地在 AAD 中设置权限?谢谢你的帮助。
string authority = "https://login.microsoftonline.com/" + SettingsHelper.TenantId + "/oauth2/token";
var credential = new ClientCredential(SettingsHelper.ClientId, SettingsHelper.ClientSecret);
AuthenticationContext authContext = new AuthenticationContext(authority);
var authResult = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);
var graphserviceClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
(requestMessage) =>
{
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", authResult.AccessToken);
return Task.FromResult(0);
}));
//This is Ok. I want to read this.
var allowedEmails = await graphserviceClient.Users["xxx@mydom.com"].Messages.Request().GetAsync();
//This is forbidden. I want to restrict this on AAD level. …authorization office365-apps azure-active-directory azure-ad-graph-api