我正在尝试使用manage.office.com端点检索Exchange审核日志。
这是代码:
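/// <summary>
/// Lists Exchange audit content from the Office 365 Management Activity API
/// (manage.office.com) using an app-only (client-credentials) access token.
/// </summary>
/// <remarks>
/// The token is acquired with a client id and client secret and no signed-in user, so the
/// app registration needs an Application-type permission for the Office 365 Management APIs
/// (for example ActivityFeed.Read). A token issued without it is rejected by the API.
/// </remarks>
public class ExchangeAuditLogReaderHelper
{
    // Shared for the lifetime of the process: creating and disposing an HttpClient per call
    // leaves sockets in TIME_WAIT and can exhaust ports under load. No credential is stored on it.
    private static readonly HttpClient s_httpClient = new HttpClient();

    private readonly string _tenantId;
    private readonly string _clientId;

    // Long-lived credential for the app registration. It is only ever passed to the token
    // endpoint; it must not be logged or placed in exception messages.
    private readonly string _clientSecret;

    // {0} = tenant id, {1}/{2} = start/end of the query window. The format emits no offset or
    // "Z" suffix, so callers are expected to pass UTC values (NOTE(review): confirm against the API docs).
    private readonly string _apiUrl = "https://manage.office.com/api/v1.0/{0}/activity/feed/subscriptions/content?contentType=Audit.Exchange&startTime={1:yyyy-MM-dd'T'HH:mm:ss}&endTime={2:yyyy-MM-dd'T'HH:mm:ss}";

    /// <summary>Stores the tenant and app-registration credentials used for every request.</summary>
    /// <param name="tenantId">Directory (tenant) id; used in both the authority URL and the API path.</param>
    /// <param name="clientId">Application (client) id of the app registration.</param>
    /// <param name="clientSecret">Client secret of the app registration.</param>
    public ExchangeAuditLogReaderHelper(string tenantId, string clientId, string clientSecret)
    {
        _tenantId = tenantId;
        _clientId = clientId;
        _clientSecret = clientSecret;
    }

    /// <summary>
    /// Requests the Audit.Exchange content listing for the given time window.
    /// </summary>
    /// <param name="startTime">Start of the window, formatted without an offset (pass UTC).</param>
    /// <param name="endTime">End of the window, formatted without an offset (pass UTC).</param>
    /// <returns>The raw response body as returned by the API.</returns>
    /// <exception cref="HttpRequestException">The API answered with a non-success status code.</exception>
    public async Task<string> GetAuditLogsAsync(DateTime startTime, DateTime endTime)
    {
        var accessToken = await GetAccessToken();

        // Invariant culture: with the current culture, ':' in a custom DateTime format is replaced
        // by the culture's time separator and the year follows the culture's calendar, which
        // yields a query string the API cannot parse on some machines.
        var url = string.Format(
            System.Globalization.CultureInfo.InvariantCulture,
            _apiUrl,
            _tenantId,
            startTime,
            endTime);

        // The bearer token is attached to this request only, never to the shared client's
        // default headers, so concurrent calls cannot pick up each other's token.
        using (var request = new HttpRequestMessage(HttpMethod.Get, url))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            using (var response = await s_httpClient.SendAsync(request))
            {
                if (!response.IsSuccessStatusCode)
                {
                    // A 401 with a freshly issued token typically means the token has no "roles"
                    // claim, i.e. only Delegated permissions were granted to the app registration.
                    throw new HttpRequestException($"Error retrieving audit logs: {response.StatusCode}");
                }

                // Parse the JSON response and extract audit log entries (implementation omitted)
                return await response.Content.ReadAsStringAsync();
            }
        }
    }

    /// <summary>
    /// Acquires an app-only access token for https://manage.office.com via the
    /// client-credentials grant.
    /// </summary>
    /// <returns>The access token string to send as a Bearer credential.</returns>
    private async Task<string> GetAccessToken()
    {
        // NOTE(review): AuthenticationContext/ClientCredential come from ADAL, which is deprecated
        // in favour of MSAL (Microsoft.Identity.Client); plan a migration for maintained code.
        var authority = $"https://login.microsoftonline.com/{_tenantId}";
        var authenticationContext = new AuthenticationContext(authority);
        var clientCredential = new ClientCredential(_clientId, _clientSecret);

        // No user is involved in this overload, so the result carries application permissions only.
        var authResult = await authenticationContext.AcquireTokenAsync("https://manage.office.com", clientCredential);
        return authResult.AccessToken;
    }
}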
我已完成以下步骤:
我使用创建的值运行代码,但收到 401。我是否缺少此权限?
如果您授予的是委托(Delegated)类型的权限,就可能出现此错误:委托权限不适用于仅应用程序(app-only)流程,该流程签发的令牌只通过 roles 声明携带应用程序(Application)类型的权限。
最初,当我在应用程序中授予委托权限并尝试像这样调用API时,我也遇到了同样的错误:
当我在 jwt.ms 中解码此访问令牌时,它没有
roles
声明:
要解决该错误,请确保在使用 app-only 流时授予 Application 类型的权限:
当我在授予 Application 类型的权限后运行下面的代码时,我得到了响应 (空白,因为我没有任何响应):
using System.Net.Http.Headers;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
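/// <summary>
/// Lists Exchange audit content from the Office 365 Management Activity API
/// (manage.office.com) using an app-only (client-credentials) access token.
/// </summary>
/// <remarks>
/// The token is acquired with a client id and client secret and no signed-in user, so the
/// app registration needs an Application-type permission for the Office 365 Management APIs
/// (for example ActivityFeed.Read); the granted permissions appear in the token's "roles" claim.
/// </remarks>
public class ExchangeAuditLogReaderHelper
{
    // Shared for the lifetime of the process: creating and disposing an HttpClient per call
    // leaves sockets in TIME_WAIT and can exhaust ports under load. No credential is stored on it.
    private static readonly HttpClient s_httpClient = new HttpClient();

    private readonly string _tenantId;
    private readonly string _clientId;

    // Long-lived credential for the app registration. It is only ever passed to the token
    // endpoint; it must not be logged or placed in exception messages.
    private readonly string _clientSecret;

    // {0} = tenant id, {1}/{2} = start/end of the query window. The format emits no offset or
    // "Z" suffix, so callers are expected to pass UTC values (NOTE(review): confirm against the API docs).
    private readonly string _apiUrl = "https://manage.office.com/api/v1.0/{0}/activity/feed/subscriptions/content?contentType=Audit.Exchange&startTime={1:yyyy-MM-dd'T'HH:mm:ss}&endTime={2:yyyy-MM-dd'T'HH:mm:ss}";

    /// <summary>Stores the tenant and app-registration credentials used for every request.</summary>
    /// <param name="tenantId">Directory (tenant) id; used in both the authority URL and the API path.</param>
    /// <param name="clientId">Application (client) id of the app registration.</param>
    /// <param name="clientSecret">Client secret of the app registration.</param>
    public ExchangeAuditLogReaderHelper(string tenantId, string clientId, string clientSecret)
    {
        _tenantId = tenantId;
        _clientId = clientId;
        _clientSecret = clientSecret;
    }

    /// <summary>
    /// Requests the Audit.Exchange content listing for the given time window.
    /// </summary>
    /// <param name="startTime">Start of the window, formatted without an offset (pass UTC).</param>
    /// <param name="endTime">End of the window, formatted without an offset (pass UTC).</param>
    /// <returns>The raw response body as returned by the API.</returns>
    /// <exception cref="HttpRequestException">
    /// The API answered with a non-success status code; the message carries the numeric status
    /// and the response body.
    /// </exception>
    public async Task<string> GetAuditLogsAsync(DateTime startTime, DateTime endTime)
    {
        var accessToken = await GetAccessToken();

        // Invariant culture: with the current culture, ':' in a custom DateTime format is replaced
        // by the culture's time separator and the year follows the culture's calendar, which
        // yields a query string the API cannot parse on some machines.
        var url = string.Format(
            System.Globalization.CultureInfo.InvariantCulture,
            _apiUrl,
            _tenantId,
            startTime,
            endTime);

        // The bearer token is attached to this request only, never to the shared client's
        // default headers, so concurrent calls cannot pick up each other's token.
        using (var request = new HttpRequestMessage(HttpMethod.Get, url))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

            using (var response = await s_httpClient.SendAsync(request))
            {
                if (response.IsSuccessStatusCode)
                {
                    return await response.Content.ReadAsStringAsync();
                }

                // The body of an error response explains the rejection (e.g. a missing
                // permission), which the bare status code does not.
                var statusCode = (int)response.StatusCode;
                var errorMessage = await response.Content.ReadAsStringAsync();
                throw new HttpRequestException($"Error retrieving audit logs. Status code: {statusCode}. Error Message: {errorMessage}");
            }
        }
    }

    /// <summary>
    /// Acquires an app-only access token for https://manage.office.com via the
    /// client-credentials grant and echoes it to the console for inspection.
    /// </summary>
    /// <returns>The access token string to send as a Bearer credential.</returns>
    private async Task<string> GetAccessToken()
    {
        // NOTE(review): AuthenticationContext/ClientCredential come from ADAL, which is deprecated
        // in favour of MSAL (Microsoft.Identity.Client); plan a migration for maintained code.
        var authority = $"https://login.microsoftonline.com/{_tenantId}";
        var authenticationContext = new AuthenticationContext(authority);
        var clientCredential = new ClientCredential(_clientId, _clientSecret);

        // No user is involved in this overload, so the result carries application permissions only.
        var authResult = await authenticationContext.AcquireTokenAsync("https://manage.office.com", clientCredential);

        // Troubleshooting aid only: lets you decode the token and check its "roles" claim.
        // The printed value is a live bearer credential for the tenant's audit data until it
        // expires, so remove this line before the code runs anywhere its console output is
        // captured (CI logs, container stdout, shared terminals).
        Console.WriteLine("Access Token: " + authResult.AccessToken);
        return authResult.AccessToken;
    }
}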
/// <summary>
/// Console driver: fetches the last 24 hours of Exchange audit content and prints the raw response.
/// </summary>
class Program
{
    static async Task Main(string[] args)
    {
        // Placeholders: substitute your own tenant id, app (client) id and client secret.
        // Keep the real secret out of source control; load it from an environment variable
        // or a secret store instead of editing it into this literal.
        var reader = new ExchangeAuditLogReaderHelper("tenantId", "appId", "secret");

        // Query window, expressed in UTC: from one day ago until now.
        var windowStart = DateTime.UtcNow.AddDays(-1);
        var windowEnd = DateTime.UtcNow;

        try
        {
            // The response describes mailbox audit activity; treat the console output as sensitive.
            var auditContent = await reader.GetAuditLogsAsync(windowStart, windowEnd);
            Console.WriteLine(auditContent);
        }
        catch (Exception failure)
        {
            // Only the message is shown; it includes the status code and error body from the API.
            Console.WriteLine($"\n{failure.Message}");
        }
    }
}
回复:
您还可以在 jwt.ms 中解码此访问令牌并检查
roles
声明的值,以了解该令牌具有哪些权限: