Does "DelegatedPermissionGrant.ReadWrite.All" allow granting admin consent?
In MS Graph, some delegated permissions need "Admin Consent" and some just need user consent.
For example, the delegated permission User.Read.All requires admin consent. But the delegated permission User.ReadBasic.All does not need admin consent. (But it would still need user consent.)
I know that DelegatedPermissionGrant.ReadWrite.All allows the application to grant consent on behalf of the user. But I don't know if it can grant "Admin Consent".
Can an application with DelegatedPermissionGrant.ReadWrite.All grant "Admin Consent"?
Yes, DelegatedPermissionGrant.ReadWrite.All allows a principal to grant admin consent for Delegated permissions only
AppRoleAssignment.ReadWrite.All allows a principal to grant admin consent for Application permissions
There are examples on how to do so with the MS Graph API and MS Graph PowerShell here
MS Graph PowerShell Example
# The object ID of your Enterprise Application
$servicePrincipalObjectId = ""
# This is the object ID of the Enterprise Application for Microsoft Graph
$graphId = Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Graph'" | Select-Object -ExpandProperty Id
# Permissions to grant consent to, space separated
$scopes = "User.Read.All Directory.Read.All"
$params = @{
ClientId = $servicePrincipalObjectId
ConsentType = "AllPrincipals"
ResourceId = $graphId
Scope = $scopes
}
New-MgOauth2PermissionGrant -BodyParameter $params
Before
After
- asp-controller and asp-action attributes not working
- MudSelect change event is not firing
- How to configure options to display StackTrace with AddProblemDetails() based on environment in ASP.NET Core?
- expression (RDLC) is not working in Asp.net Core MVC [8.0] Web App
- Visual Studio not launching browser when debugging ASP.Net app
- Differences between audience, issuer, and client terms in JWT, OAuth and OIDC
- Blazor dynamic form has field name issue
- Invoking SignalR from Postman
- ASP.NET Core Identity returns 404 instead of 401
- Debugger is not working on Visual Studio 2022
- Type or namespace Azure does not exist in the namespace 'Microsoft'
- ASP.NET CORE Roles - Add IdentityRole
- Styling built-in date picker in Blazor
- How to enable editing on the MudBlazor `MudDataGrid` using a button `OnClick` event to activate `context.Actions.StartEditingItemAsync`?
- C# .NET 9 : binding a json file using IConfiguration
- Why does my radio button binding not work properly?
- Blazor component with func parameter that has nullable generic type parameters
- EditContext not cascaded into custom input derived from InputBase<T>
- Error handling in Blazor server side on .NET 8
- Blazor WASM JWT - How to get auth state in MainLayout
- Blazor SectionOutlet and SectionContent doesn't re-render on navigation
- Azure Functions: host error has occurred during startup operation Could not load file
- Invalid framework identifier Dotnet restore, docker build
- What's the default value for LocalCacheExpiration and Expiration in HybridCache
- Application Insights is not logging if an exception is passed to LogError (or other Log* methods), but does log if the exception is NOT passed
- await Task.Run immediately in .NET gRPC service
- .net core No output cache for admin output cache policy does not work
- ASP.NET Core MVC model on next page
- Default ASP NET Core 9 and Angular template doesn't work after publishing
- How can I disable these suggestions in VS Code for ASP.NET Razor Pages?