Therefore, if you signed in to the Azure portal with a Microsoft account and have never created a user account in your directory before, you need to do that now. This sample will not work with a Microsoft account (formerly Windows Live account).
A user account in your Azure AD tenant. For more information on how to get an Azure AD tenant, see How to get an Azure AD tenant 
An Azure Active Directory (Azure AD) tenant. 
Looking for previous versions of this code sample? Check out the tags on the releases GitHub page.
Developers who wish to gain good familiarity of programming for Microsoft Graph are advised to go through the An introduction to Microsoft Graph for developers recorded session. In this way, any Microsoft business user can sign up for the application without contacting their tenant administrator, and the tenant administrator is only involved when absolutely necessary.įor more information on the concepts used in this sample, be sure to read the Permissions and consent in the Microsoft identity platform endpoint. Then, when the user tries to read a list of groups in the user's organization, it will ask the administrator for the necessary admin restricted permission. It uses an incremental consent pattern, in which it first requests consent for a basic set of permission that an ordinary user can consent to themselves like the ability to read a list of users in the user's organization. The app is built as an ASP.NET 4.5 MVC application, using the OWIN OpenID Connect middleware to sign-in users and uses the Microsoft Authentication Library (MSAL)] to perform token acquisition. 
This sample application shows how to use the Microsoft identity platform endpoint to access data in the Microsoft Graph that requires consent for permissions that have an administrative scope. For this reason, some permissions are considered admin restricted, and require a tenant administrator to approve their use in applications. Yet there are many valid reasons why applications need to perform these actions for their customers. Active-directory-dotnet-admin-restricted-scopes-v2īuild an app with admin restricted scopes using the Microsoft identity platform endpointĬertain actions in the Azure Active Directory tenant are considered highly sensitive, such as deleting a user from the tenant, creating and managing applications, listing and assigning users to security groups.
0 kommentar(er)
