Graph API error says this user cannot be invited because the domain of the user's email address is a verified domain of this directory

Posted on 2025-02-14 00:26:38

I use the Graph API to add users from my code to inject users into Azure AD B2C. I use the following snippet:

IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(_config["ClientId"])
    .WithTenantId(_config["TenantId"])
    .WithClientSecret(_config["ClientSecret"])
    .Build();

ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);

var invitation = new Invitation
{
    InvitedUserEmailAddress = user.Mail,
    InvitedUserDisplayName = user.Name + " " + user.Surname,
    InviteRedirectUrl = "https://redirect.net/",
    SendInvitationMessage = true
};

await graphClient.Invitations
    .Request()
    .AddAsync(invitation);

The last line fails with the error

This user cannot be invited because the domain of the user's email address is a verified domain of this directory.

I checked the permissions for the app -> b2c and everything seems to be set well. I'm using .NET 6 now, but earlier I used .NET 3.1 and this snippet worked without throwing any error. Has someone stumbled upon an error like this, and how can I fix it?

Comments (1)

少女的英雄梦 2025-02-21 00:26:38

Users who share the same email domain as the backup tenant can only be added if they are Azure Active Directory members in your organization.
To add a new user to AAD:

  1. Log in to the Azure portal using the organization's User Administrator role.
  2. From any page, search and choose Azure Active Directory.
  3. Choose Users, then click New user.
  4. Fill in the user's information on the User page.
  5. Copy the Password box's automatically produced password. This password must be given to the user in order for them to sign in for the first time.
  6. Choose Create.

After that, your Azure AD organisation receives the newly created user. Also, don't forget to add the user as a member of Azure AD rather than a guest.

References:
Allow or block invitations to B2B users from specific organizations
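
The same decision made in code, as an added example that is not part of the original question or answer: look up the tenant's verified domains, invite only external addresses, and create a member account otherwise. It assumes the Microsoft.Graph v4 SDK used in the question, an app registration with Domain.Read.All and User.ReadWrite.All, and an email local part that is valid as a mail nickname; `UserProvisioning`, `IsVerifiedDomain` and `AddUserAsync` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class UserProvisioning // hypothetical helper, not from the post
{
    // True when the address's domain is one of the tenant's verified domains.
    public static bool IsVerifiedDomain(string email, string[] verifiedDomains)
    {
        string domain = email.Substring(email.LastIndexOf('@') + 1);
        return verifiedDomains.Contains(domain, StringComparer.OrdinalIgnoreCase);
    }

    // Returns the one-time password for a created member, or null if an invitation was sent.
    public static async Task<string> AddUserAsync(GraphServiceClient graph, string email, string displayName)
    {
        // First page only; follow NextPageRequest if the tenant has many domains.
        var domains = await graph.Domains.Request().GetAsync();
        var verified = domains.Where(d => d.IsVerified == true).Select(d => d.Id).ToArray();

        if (!IsVerifiedDomain(email, verified))
        {
            // External address: the invitation flow from the question applies.
            await graph.Invitations.Request().AddAsync(new Invitation
            {
                InvitedUserEmailAddress = email,
                InvitedUserDisplayName = displayName,
                InviteRedirectUrl = "https://redirect.net/",
                SendInvitationMessage = true
            });
            return null;
        }

        // Verified domain: an invitation is rejected, so create a member account.
        // Random initial password; the fixed suffix only satisfies complexity rules.
        string password = Convert.ToBase64String(RandomNumberGenerator.GetBytes(18)) + "aA1!";
        await graph.Users.Request().AddAsync(new User
        {
            AccountEnabled = true,
            DisplayName = displayName,
            MailNickname = email.Substring(0, email.LastIndexOf('@')),
            UserPrincipalName = email,
            PasswordProfile = new PasswordProfile { Password = password, ForceChangePasswordNextSignIn = true }
        });
        return password; // hand over out of band; the user must change it at first sign-in
    }
}
```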
