本文介绍了如何使用Microsoft Graph和SDK更新现有B2C用户的身份集合的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

我正在尝试为Azure AD B2C租户中的现有用户更新 identities 集合.具体来说,我正在尝试为用户添加另一个联合身份条目.

根据

此外,请注意,我们可以为Azure AD b2c本地用户添加一个身份提供程序.

I am trying to update the identities collection for an existing User in an Azure AD B2C tenant. Specifically, I am attempting to add another federated identity entry for the user.

According to the Microsoft Graph documentation this should be possible provided that I:

  1. Assign User.ManageIdentities.All permission to the client I am using to make the graph call
  2. Send the entire existing identities collection, with the new identity entry appended (this also ensures that the existing identity with signInType userPrincipalName is also sent in the request)

I have registered an application in the B2C tenant and assigned it specific permissions to access Microsoft Graph. I am using Client Credentials flow to obtain an access token with the appropriate permissions in the roles claim. I can successfully obtain an access token, and have confirmed the presence of the required permissions by examining the issued JWT.

I am also using the Microsoft.Graph SDK to make calls to the graph v1.0 endpoints from C# code. I have an existing user that I am trying to update, with a well-known userId (objectId). Using the access token and GraphServiceClient I can successfully retrieve the user. For example, the following code works fine

var user = await client.Users[userId].Request()
    .Select(o => new { o.Id, o.DisplayName, o.Identities })
    .GetAsync();

After retrieving the user, I then attempt to add another entry to the identities property for the user and issue an update graph call for the user. Note that the SDK requires update calls to only use objects created locally i.e. you can't send an existing object that was previously fetched via the SDK.

My complete update code is as follows

async Task TryUpdateUser(GraphServiceClient client, string userId)
{
    var user = await client.Users[userId].Request()
        .Select(o => new { o.Id, o.DisplayName, o.Identities })
        .GetAsync();

    // Need to re-create the existing identities since Graph client rejects existing items in requests
    var identities = user.Identities.Select(o => new ObjectIdentity
    {
        SignInType = o.SignInType,
        Issuer = o.Issuer,
        IssuerAssignedId = o.IssuerAssignedId
    }).ToList();

    identities.Add(new ObjectIdentity
    {
        SignInType = "federated",
        Issuer = "TestIssuer",
        IssuerAssignedId = "testingId"
    });

    var updatedUser = new User
    {
        Identities = identities
    };

    await client.Users[userId].Request().UpdateAsync(updatedUser);
}

However, when UpdateAsync is called an exception is thrown with response type BadRequest. The error message states:

I'm clearly trying to create a federated user signInType, so the error message text referring to a non-federated user signInType is confusing me.

What am I doing wrong?

解决方案

At the moment, we cannot migrate Azure AD b2c federated user from one Identity Provider to another Identity Provider and add another Identity Provider or non-federated Identity(userName or emailAddress) for the Azure AD b2c federated user. If you try to do that, you will get the error as above.

Besides, please note that we can add one Identity Provider for Azure AD b2c local user.

这篇关于如何使用Microsoft Graph和SDK更新现有B2C用户的身份集合的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-06 17:02