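Looking for a Graph call to trigger the "Reset password" feature in O365 Admin, with the "Email the sign-in info to me" flag selected, so that I receive the password. I tried looking around but can't seem to find a solution.
Currently using this to reset the password, but I would like to see whether the above is possible.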
```
PASSWORD=$(openssl rand -base64 12)
# Excerpt of the JSON request body; $PASSWORD is spliced in through shell quoting
"passwordProfile": {
  "forceChangePasswordNextSignIn": true,
  "password": "'"$PASSWORD"'"
}
```
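The Graph API does not directly support sending sign-in information to multiple email addresses when resetting a user's password. However, you can achieve this by combining the password reset operation with sending an email through the Graph API.
First, you need to enable the User.ReadWrite.All, Mail.Send, and UserAuthenticationMethod.ReadWrite.All permissions.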
Step 1: Reset the user's password
HTTP method: PATCH
Request URL: https://graph.microsoft.com/v1.0/users/{id}
Request headers: Authorization: Bearer {access_token}
Request body:
```
{
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "{new_password}"
  }
}
```
Step 2:
HTTP method: POST
Request URL: https://graph.microsoft.com/v1.0/me/sendMail
Request headers: Authorization: Bearer {access_token}
Request body:
```
{
  "message": {
    "subject": "Your password has been reset",
    "body": {
      "contentType": "Text",
      "content": "Your new password is: {new_password}"
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "{email_address}"
        }
      }
    ]
  },
  "saveToSentItems": "true"
}
```
Here is an example using C#:
```
// Uses the Microsoft.Graph SDK v4 request pattern (DelegateAuthenticationProvider, .Request()).
using Microsoft.Graph;
using System;
using System.Net.Http.Headers;
using System.Threading.Tasks;

public class GraphService
{
    private GraphServiceClient _graphServiceClient;

    public GraphService(string accessToken)
    {
        // Attach the bearer token to every outgoing Graph request.
        _graphServiceClient = new GraphServiceClient(
            new DelegateAuthenticationProvider(
                (requestMessage) =>
                {
                    requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
                    return Task.FromResult(0);
                }));
    }

    public async Task ResetPasswordAndNotifyAsync(string userId, string newPassword, string[] emailAddresses)
    {
        // Step 1: PATCH /users/{id} with the new password profile.
        var user = new User
        {
            PasswordProfile = new PasswordProfile
            {
                ForceChangePasswordNextSignIn = true,
                Password = newPassword
            }
        };
        await _graphServiceClient.Users[userId].Request().UpdateAsync(user);

        // Step 2: POST /me/sendMail once per recipient.
        foreach (var emailAddress in emailAddresses)
        {
            var message = new Message
            {
                Subject = "Your password has been reset",
                Body = new ItemBody
                {
                    ContentType = BodyType.Text,
                    Content = $"Your new password is: {newPassword}"
                },
                ToRecipients = new[] { new Recipient { EmailAddress = new EmailAddress { Address = emailAddress } } }
            };
            // The second argument is saveToSentItems.
            await _graphServiceClient.Me.SendMail(message, true).Request().PostAsync();
        }
    }
}
```
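For the shell workflow in the question, the sketch below builds the two request bodies shown above with JSON-escaped values rather than splicing `$PASSWORD` into a literal, and retries the generator until the password has mixed character classes. It is an added example, not code from the question or the answer: the function names and the complexity rule in `is_complex` are assumptions, and it addresses every recipient in one `sendMail` message instead of looping.

```sh
#!/bin/sh
# Added example (not from the original post): build the two Graph request
# bodies with JSON-escaped values instead of splicing "$PASSWORD" into a literal.

# Escape a value for a JSON string; control characters are rejected, not encoded.
json_str() {
  [ "$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')" = "$1" ] || return 1
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Assumed complexity rule: require an upper-case letter, a lower-case letter and a digit.
is_complex() {
  for class in '[A-Z]' '[a-z]' '[0-9]'; do
    printf '%s\n' "$1" | LC_ALL=C grep -q "$class" || return 1
  done
}

# Same generator as the question, retried until the result passes is_complex.
new_password() {
  while :; do
    cand=$(openssl rand -base64 12 2>/dev/null || head -c 12 /dev/urandom | base64) || return 1
    if is_complex "$cand"; then printf '%s' "$cand"; return 0; fi
  done
}

# Body for PATCH /v1.0/users/{id}
reset_body() {
  esc=$(json_str "$1") || return 1
  printf '{"passwordProfile":{"forceChangePasswordNextSignIn":true,"password":"%s"}}' "$esc"
}

# mail_body PASSWORD ADDRESS...  -> body for POST /v1.0/me/sendMail, one message to all recipients
mail_body() {
  text=$(json_str "Your new password is: $1") || return 1
  shift
  [ "$#" -gt 0 ] || return 1
  to=
  for addr in "$@"; do
    esc=$(json_str "$addr") || return 1
    to="$to${to:+,}{\"emailAddress\":{\"address\":\"$esc\"}}"
  done
  printf '{"message":{"subject":"Your password has been reset","body":{"contentType":"Text","content":"%s"},"toRecipients":[%s]},"saveToSentItems":"true"}' "$text" "$to"
}

# Usage (token and user id are placeholders):
#   pw=$(new_password)
#   curl -X PATCH "https://graph.microsoft.com/v1.0/users/{id}" -H "Authorization: Bearer {access_token}" -H "Content-Type: application/json" --data "$(reset_body "$pw")"
```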