问题描述

我正在尝试访问特定用户的受管设备.我编写了一个代码，该代码使用Web应用程序获取身份验证代码.我能够看到所有用户以及特定用户.但是，当我尝试访问用户的受管设备时，会出现401未经授权的错误.我已经检查了所有权限都授予了在Microsoft Graph的Azure门户中创建的Web应用程序的权限.这是我的代码:-

I am trying to access managed devices for a particular user. I have written a code which uses web app to get the authentication code.I am able to see all the users as well as a particular user. But when I try to access the managed devices for user I get 401 unauthorized error. I have checked all the permissions are granted to web app created in azure portal for Microsoft Graph. Here is my code:-

try {
    String access_token = getAccessToken();
    String url_str = "https://graph.microsoft.com/v1.0/users/{user name here}/managedDevices/";

    url = new URL(url_str);
    con = ( HttpURLConnection )url.openConnection();
    con.setDoInput(true);
    con.setDoOutput(true);
    con.setUseCaches(false);
    con.setRequestMethod("GET");
    con.setRequestProperty("Authorization", access_token);
    con.setRequestProperty("Accept","application/json");
    con.connect();

    br = new BufferedReader(new InputStreamReader( con.getInputStream() ));
    String str = null;
    String line;
    while((line = br.readLine()) != null) {
        str += line;
    }
    System.out.println(str);
} catch (Exception e) {
    e.printStackTrace();
}

令牌检索代码:-

private String getAccessToken() {
    String accessToken = "";
    try {
        ExecutorService service = Executors.newFixedThreadPool(1);
        String authorization_url = "https://login.microsoftonline.com/" + Authentication_Constants.TENANT + "/oauth2/authorize/";
        AuthenticationContext authContext = new AuthenticationContext(authorization_url, false, service);
        ClientCredential clientCred = new ClientCredential(Authentication_Constants.CLIENTID, Authentication_Constants.SECRET);
        Future<AuthenticationResult>  future = authContext.acquireToken(Authentication_Constants.RESOURCE, clientCred, null);
        AuthenticationResult authResult = future.get();
        accessToken = authResult.getAccessToken();
    } catch (Exception ex) {
        System.out.println(ex.getLocalizedMessage());
    }
    return accessToken;
}

我有什么想念的吗?谢谢！

Is there anything I am missing? Thanks!

推荐答案

我在Microsoft Intune团队工作，尤其是在Microsoft Intune和Microsoft Graph之间的集成上.

I work on the Microsoft Intune team, specifically on the integration between Microsoft Intune and Microsoft Graph.

从上面提供的代码的外观来看，您似乎正在尝试使用仅应用程序的凭据来访问API，目前Microsoft Intune API仅支持使用应用程序+用户凭据(即委派权限) .为了访问这些API，您需要以用户身份进行身份验证.

From the looks of the code you give above it looks like you are trying to use app-only credentials to access the API, at the moment the Microsoft Intune APIs only support the use of app+user credentials (i.e. Delegated permissions). In order to access these APIs you will need to authenticate as a user.

如果您查看 Intune的Microsoft Graph权限参考，所有权限均列为需要应用程序+用户凭据的委派权限.

If you take a look at the Microsoft Graph permissions reference for Intune all the permissions are listed as Delegated permissions which require app+user credentials.

如果您需要仅对Intune API的应用程序访问权限，我建议您在 Microsoft Intune反馈上添加有关您的方案的注释网站此项.

If you need to have app-only access to Intune APIs I would recommend adding comments on your scenario on the Microsoft Intune Feedback site under this item.

谢谢

彼得

这篇关于无法使用Microsoft Graph API访问Microsoft Intune中的用户设备的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！