
office365 - How to revoke access to a document using an Azure App Registration secret/certificate - Stack Overflow


Using the C# wrapper of the MIP SDK I've been trying to protect documents and revoke access to documents. Protection and revocation both work fine when the JWT token is retrieved through a PublicClientApplication using the username and password of an Office account with an Office 365 license (both in the File and Protection component). However, when I try to revoke access to a document using an Azure App Registration secret/certificate the following exception is thrown:

...
Microsoft.InformationProtection.Exceptions.NoPermissionsException: Received message User has no right to revoke the document. 
User doesn't have premium license. when targeting , 
NoPermissionsError.Category=NotPremiumLicenseUser, 
...

The token returned from the following PublicClientApplication code in combination with different App Registration API permissions works fine:

// Snippets of the IAuthDelegate implementation
...
var app = PublicClientApplicationBuilder.Create(config.ClientId)
            .WithAuthority(authority)
            .WithDefaultRedirectUri()
            .Build();

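// ExecuteAsync() returns a Task; block on it to get the AuthenticationResult
var result = app
               .AcquireTokenByUsernamePassword(scopes, config.Username, config.Password)
               .ExecuteAsync()
               .GetAwaiter().GetResult();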

return result.AccessToken;
...

However, when I use a secret, in combination with different combinations of API permissions, the exception from earlier is thrown.

// Snippets of the IAuthDelegate implementation
...
var app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
            .WithAuthority(authority)
            .WithClientSecret(config.Secret)
            .Build();

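// ExecuteAsync() returns a Task; block on it to get the AuthenticationResult
var result = app
               .AcquireTokenForClient(scopes)
               .ExecuteAsync()
               .GetAwaiter().GetResult();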

return result.AccessToken;
...

Is there a specific combination of API permissions and configuration in the SDK that I am missing or is it simply not possible to revoke access to a document (using the MIP SDK) with a secret/certificate?
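
The two snippets in the question use different OAuth flows: username/password yields a delegated token issued for a user, while `AcquireTokenForClient` yields an app-only token with no user in it. The following is an added example, not part of the original post or the MIP SDK, that decodes a token's payload to show which kind was obtained; the `TokenKind` class, its methods and the sample claim values are constructed for illustration.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Debugging aid (added example): reads the UNVERIFIED payload of an access token
// and reports whether it is delegated (user) or app-only. No signature check.
public static class TokenKind
{
    // Decode the middle (payload) segment of a compact JWT from base64url to JSON.
    static JsonElement Payload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        var s = parts[1].Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Convert.FromBase64String(s));
        return doc.RootElement.Clone();
    }

    public static string Describe(string jwt)
    {
        var p = Payload(jwt);
        // Delegated tokens carry "scp" (scopes granted on behalf of a user);
        // app-only tokens carry "roles" (application permissions) and no user name.
        bool hasScp = p.TryGetProperty("scp", out var scp);
        bool hasRoles = p.TryGetProperty("roles", out var roles);
        string user = p.TryGetProperty("upn", out var u) ? u.GetString()
                    : p.TryGetProperty("preferred_username", out var pu) ? pu.GetString()
                    : null;
        if (hasScp) return $"delegated, user={user ?? "?"}, scp={scp.GetString()}";
        if (hasRoles) return $"app-only, roles={roles.GetRawText()}";
        return "unknown: neither scp nor roles claim present";
    }

    // Build an unsigned sample token from constructed claims (placeholder values).
    static string Fake(string json) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
                 .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    public static void Main()
    {
        // Constructed payloads standing in for the two tokens from the question.
        Console.WriteLine(Describe(Fake(
            "{\"upn\":\"user@example.com\",\"scp\":\"example.scope\"}")));
        Console.WriteLine(Describe(Fake(
            "{\"appid\":\"00000000-0000-0000-0000-000000000000\",\"roles\":[\"Example.Role\"]}")));
    }
}
```

Calling `TokenKind.Describe(result.AccessToken)` inside the `IAuthDelegate` implementation shows which identity the service will see for each flow.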
