我正在使用 Azure AD 中的应用程序身份并授予读写权限，我还运行了 Grant-CsApplicationAccessPolicy，以便应用程序身份有权代表 Azure AD 中的真实用户身份创建在线会议

I'm using an application identity from Azure AD with both read write permission granted, I've also run the Grant-CsApplicationAccessPolicy so that the application identity has right to create online meeting on behalf of a real user identity from Azure AD

我知道我的设置适用于从图形 api 获取用户.但是，运行以下命令后出现错误:

I know my setup works with get user from the graph api. However, I'm getting error after running the following:

            var confidentialClient = ConfidentialClientApplicationBuilder
                .Create(clientId)
                .WithAuthority($"https://login.microsoftonline.com/{tenantId}/v2.0")
                .WithClientSecret(clientSecret)
                .Build();

            GraphServiceClient graphServiceClient =
                new GraphServiceClient("https://graph.microsoft.com/beta", new DelegateAuthenticationProvider(async (requestMessage) =>
                {

                        var authResult = await confidentialClient
                            .AcquireTokenForClient(scopes)
                            .ExecuteAsync();

                        requestMessage.Headers.Authorization =
                            new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
                })
                    );

                var onlineMeeting = new OnlineMeeting
                {
                    StartDateTime = DateTimeOffset.Parse("2020-12-25T21:30:34.2444915+00:00"),
                    EndDateTime = DateTimeOffset.Parse("2020-12-25T22:00:34.2464912+00:00"),
                    Subject = "User Token Meeting 1"
                    
                };

                var meetingInstance = await graphServiceClient.Me.OnlineMeetings
                    .Request()
                    .AddAsync(onlineMeeting);

错误信息如下，为什么会显示User lookup by user id failed in AAD?

The error message is as follow, why would it say User look up by user id failed in AAD?

状态:未找到 (404)OperationId:8d06ff01-1dc3-49d1-9ced-9db6a919b162

Status: NotFound (404) OperationId: 8d06ff01-1dc3-49d1-9ced-9db6a919b162

ClientCorrelationId:53b4478e-ba86-48ca-bb5b-25e5ef50c187

ClientCorrelationId: 53b4478e-ba86-48ca-bb5b-25e5ef50c187

服务器错误:在 AAD 中按用户 ID 查找用户失败.

Server error: User lookup by user id failed in AAD.

客户端异常:处理 HTTP 请求导致异常.有关详细信息，请参阅此异常的响应"属性返回的 HTTP 响应.

Client exception: Processing of the HTTP request resulted in an exception. Please see the HTTP response returned by the 'Response' property of this exception for details.

内部错误:

附加数据:

日期:2020-12-16T21:08:31

date: 2020-12-16T21:08:31

请求 ID:d60858cf-5ef5-4a0d-8d67-181f80ed6c35

request-id: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

客户端请求 ID:d60858cf-5ef5-4a0d-8d67-181f80ed6c35

client-request-id: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

ClientRequestId:d60858cf-5ef5-4a0d-8d67-181f80ed6c35

ClientRequestId: d60858cf-5ef5-4a0d-8d67-181f80ed6c35

在 Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancelToken)在 Microsoft.Graph.BaseRequest.SendRequestAsync(对象可序列化对象，CancellationToken 取消令牌，HttpCompletionOption 完成选项)在 Microsoft.Graph.BaseRequest.SendAsync[T](对象可序列化对象，CancellationToken 取消令牌，HttpCompletionOption 完成选项)在 D:VSTSmsteamMSTeamMSTeamProgram.cs: 62 行中的 MSTeam.Program.Main(String[] args) 处

at Microsoft.Graph.HttpProvider.SendAsync(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken) at Microsoft.Graph.BaseRequest.SendRequestAsync(Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption) at Microsoft.Graph.BaseRequest.SendAsync[T](Object serializableObject, CancellationToken cancellationToken, HttpCompletionOption completionOption) at MSTeam.Program.Main(String[] args) in D:VSTSmsteamMSTeamMSTeamProgram.cs:line 62

推荐答案

Dev 是正确的.

基于此 文档:

使用应用程序令牌时的请求:POST/users/{userId}/onlineMeetings.

Request when using an application token: POST /users/{userId}/onlineMeetings.

所以你应该在这里使用 graphServiceClient.Users["{userId}"].OnlineMeetings 而不是 graphServiceClient.Me.OnlineMeetings.

So you should use graphServiceClient.Users["{userId}"].OnlineMeetings instead of graphServiceClient.Me.OnlineMeetings here.

userId 是用户的对象ID.当您 配置应用访问策略，您需要将该策略授予用户:

userId is the object ID of a user. When you Configure application access policy, you need to grant the policy to the user:

Grant-CsApplicationAccessPolicy -PolicyName Test-policy -Identity "ddb80e06-92f3-4978-bc22-a0eee85e6a9e"

ddb80e06-92f3-4978-bc22-a0eee85e6a9e 正是 userId.

我的代码供你参考:

        // Configure the MSAL client as a confidential client
        var confidentialClient = ConfidentialClientApplicationBuilder
            .Create("{client_id}")
            .WithTenantId("{tenant_id}")
            .WithClientSecret("{client_secret}")
            .Build();

        ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClient);

        GraphServiceClient graphServiceClient = new GraphServiceClient(authProvider);

        var onlineMeeting = new OnlineMeeting
        {
            StartDateTime = DateTimeOffset.Parse("2021-01-12T21:30:34.2444915+00:00"),
            EndDateTime = DateTimeOffset.Parse("2021-01-12T22:00:34.2464912+00:00"),
            Subject = "User Token Meeting123"
        };

        var meeting = await graphServiceClient.Users["{userId}"].OnlineMeetings
            .Request()
            .AddAsync(onlineMeeting);