It uses an incremental consent pattern, in which it first requests consent for a basic set of permission that an ordinary user can consent to themselves like the ability to read a list of users in the user's organization. The app is built as an ASP.NET 4.5 MVC application, using the OWIN OpenID Connect middleware to sign-in users and uses the Microsoft Authentication Library (MSAL)] to perform token acquisition. This sample application shows how to use the Microsoft identity platform endpoint to access data in the Microsoft Graph that requires consent for permissions that have an administrative scope. For this reason, some permissions are considered admin restricted, and require a tenant administrator to approve their use in applications. Yet there are many valid reasons why applications need to perform these actions for their customers. Active-directory-dotnet-admin-restricted-scopes-v2īuild an app with admin restricted scopes using the Microsoft identity platform endpointĬertain actions in the Azure Active Directory tenant are considered highly sensitive, such as deleting a user from the tenant, creating and managing applications, listing and assigning users to security groups.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |