我正在尝试为 power bi 中的 SSAS Live Connection 报告创建嵌入令牌。作为故障排除的一部分,我遇到了一些文章,其中指出“为服务主体设置 ReadOverrideEffectiveIdentity”。 在此过程中,我按照
这些步骤验证服务主体是否具有所需的权限。 但是,当我运行以下代码时,我收到了“禁止”响应。
我运行了下面的代码以获得我想要的结果。
using System;
using System.Net.Http;
using System.Threading.Tasks;
namespace ConsoleApp1
{
class Program
{
static async Task Main(string[] args)
{
using var client = new HttpClient();
var values = new Dictionary<string, string>
{
{ "identifier", "APPLICATION ID" },
{ "datasourceAccessRight", "ReadOverrideEffectiveIdentity" }
};
var content = new FormUrlEncodedContent(values);
var response = await client.PostAsync("https://api.powerbi.com/v1.0/myorg/gateways/GATEWAYID/datasources/DATASET/users", content);
var responseString = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseString);
}
}
}
我也尝试使用以下内容,但也被禁止:
POST https://api.powerbi.com/v1.0/myorg/gateways/GATEWAYID/datasources/DATASETID/users
Request Body JSON
{
"identifier": "APPLICATION ID",
"datasourceAccessRight": "ReadOverrideEffectiveIdentity"
}
async Task<string> GetAccessTokenForPBI(string clientId, string clientSecret, string tenantId)
{
string[] scopes = new string[] { "https://analysis.windows.net/powerbi/api/.default" };
// Create a confidential client to authorize the app with the AAD app
IConfidentialClientApplication clientApp = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithClientSecret(clientSecret)
.WithAuthority(new Uri($"https://login.microsoftonline.com/{tenantId}/oauth2/token"))
.Build();
// Make a client call if Access token is not available in cache
var authenticationResult = await clientApp.AcquireTokenForClient(scopes).ExecuteAsync();
return authenticationResult.AccessToken;
}
并在您的 Web 请求的 Bearer Auth 标头中使用该令牌。