我需要通过 Microsoft Graph API 获取 Azure AD B2C 登录日志,我尝试了以下代码,它没有返回任何日志。
var scopes = new[] { "https://graph.microsoft.com/v1.0/auditLogs/signIns" };
// Multi-tenant apps can use "common",
// single-tenant apps must use the tenant ID from the Azure portal
var tenantId = ConfigurationManager.AppSettings["tenantId"];
// Values from app registration
var clientId = ConfigurationManager.AppSettings["clientId"];
var clientSecret = ConfigurationManager.AppSettings["clientSecret"];
var tenantName = ConfigurationManager.AppSettings["tenantdomain"];
var options = new TokenCredentialOptions
{
AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};
// https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
GraphServiceClient graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var signIns = graphClient.AuditLogs.SignIns.Request().GetAsync();
我得到以下结果,但没有得到任何数据或登录日志
2-如果我将方法更改为以下内容:
var signIns = graphClient.AuditLogs.SignIns.Request().GetAsync().GetAwaiter().GetResult();
我收到以下错误:
ClientSecretCredential authentication failed: AADSTS1002012: The provided value for scope https://graph.microsoft.com/v1.0/auditLogs/signIns is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).
最佳答案
请使用 varscopes = new[] { "https://graph.microsoft.com/.default"}; 代替。这是必要的。
您可以尝试使用 var signIns = wait graphClient.AuditLogs.SignIns.Request().GetAsync(); 因为它是来自 ms graph api 的示例代码.
如果您仍然失败,请转到 Azure 门户和您的 Azure 广告应用程序检查您是否设置了正确的 api permission 。您必须添加应用程序权限AuditLog.Read.All 和 Directory.Read.All,但不是委派权限。
关于c# - 如何以编程方式通过 Microsoft Graph 获取 Azure AD b2c 登录日志,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73490122/