office365 - How to revoke access to a document using an Azure App Registration secret/certificate - Stack Overflow


Using the C# wrapper of the MIP SDK I've been trying to protect documents and revoke access to documents. Protection and revocation both work fine when the JWT token is retrieved through a PublicClientApplication using the username and password of an Office account with an Office 365 license (both in the File and Protection component). However, when I try to revoke access to a document using an Azure App Registration secret/certificate, the following exception is thrown:

...
Microsoft.InformationProtection.Exceptions.NoPermissionsException: Received message User has no right to revoke the document. 
User doesn't have premium license. when targeting , 
NoPermissionsError.Category=NotPremiumLicenseUser, 
...

The token returned from the following PublicClientApplication code in combination with different App Registration API permissions works fine:

// Snippets of the IAuthDelegate implementation
...
var app = PublicClientApplicationBuilder.Create(config.ClientId)
            .WithAuthority(authority)
            .WithDefaultRedirectUri()
            .Build();

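// IAuthDelegate.AcquireToken is synchronous, so block on the task
// to obtain the AuthenticationResult (delegated, user-context token).
var result = app
               .AcquireTokenByUsernamePassword(scopes, config.Username, config.Password)
               .ExecuteAsync()
               .GetAwaiter()
               .GetResult();

return result.AccessToken;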
...

However, when I use a secret, in combination with different combinations of API permissions, the exception from earlier is thrown.

// Snippets of the IAuthDelegate implementation
...
var app = ConfidentialClientApplicationBuilder.Create(config.ClientId)
            .WithAuthority(authority)
            .WithClientSecret(config.Secret)
            .Build();

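// Client-credentials flow: the token is issued to the application itself.
// Block on the task because IAuthDelegate.AcquireToken is synchronous.
var result = app
               .AcquireTokenForClient(scopes)
               .ExecuteAsync()
               .GetAwaiter()
               .GetResult();

return result.AccessToken;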
...

Is there a specific combination of API permissions and configuration in the SDK that I am missing, or is it simply not possible to revoke access to a document (using the MIP SDK) with a secret/certificate?

Published by: admin. If you repost, please credit the source: http://www.yc00.com/questions/1745616415a4636262.html
