I am trying to create a page in ASP.Net MVC to reset the current user's password. I am using Azure active directory for user authentication. To access, the user's AD information, I am using the C# Graph API client. My code is based on a sample found on GitHub
I am able to make changes to the user's information (such as city, state, email). However, when I attempt to change the password using the PasswordProfile attribute on the user object, I am getting an error saying I have insufficient permissions. I am attempting to change the password as the application and I believe that the source of the permission issue is with the application.
I found the following PowerShell script that is supposed to add the company administrator role to an application. However, the call to Get-MsolServicePrincipal does not return anything. Looking at the output of the command, I don't see any entries that even resemble the name of my application.
#-----------------------------------------------------------
# This will prompt you for your tenant's credential
# You should be able to use your your Azure AD administrative user name
# (in the [email protected] format)
#-----------------------------------------------------------
import-module MSOnline
Connect-MsolService
#-----------------------------------------------------------
# Replace the Application Name with the name of your
# Application Service Principal
#-----------------------------------------------------------
$displayName = "My Azure AD Application"
$objectId = (Get-MsolServicePrincipal -SearchString $displayName).ObjectId
#-----------------------------------------------------------
# This will add your Application Service Prinicpal to
# the Company Administrator role
#-----------------------------------------------------------
$roleName = "Company Administrator"
Add-MsolRoleMember -RoleName $roleName -RoleMemberType ServicePrincipal -RoleMemberObjectId $objectId
I guess my first question is am I correct that the permission issue is with application?
Second, what value to which I should be setting the $displayName variable?