Here's an example of how you can achieve that, assuming you're using ASP.Net as per this SignIn sample or this SignUp/SignIn sample, by leveraging the SecurityTokenValidated notification while setting up your OpenIdConnectAuthenticationOptions like so:

```csharp
new OpenIdConnectAuthenticationOptions
{
    // Skipping for brevity
    // (...)
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        // (...)
        SecurityTokenValidated = OnSecurityTokenValidated
    },
    // (...)
};
```

And use the ClientCredentials flow to call out to the Graph API to make an update like so:

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL: ClientCredential, AuthenticationContext

private async Task OnSecurityTokenValidated(SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> notification)
{
    // Object ID of the user who just signed in, taken from the validated token.
    string userObjectId = notification.AuthenticationTicket.Identity.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;

    // Only update the directory for users that were just created.
    bool newUser = false;
    bool.TryParse(notification.AuthenticationTicket.Identity.FindFirst("newUser")?.Value, out newUser);

    if (!newUser) return;

    // graphClientId / graphClientSecret belong to the separate Graph application.
    ClientCredential credential = new ClientCredential(graphClientId, graphClientSecret);
    AuthenticationContext authContext = new AuthenticationContext("https://login.microsoftonline.com/sacacorpb2c.onmicrosoft.com");

    AuthenticationResult result = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);

    string body = "{ \"extension_e5bf5a2db0c9415cb62661a70d8f0a68_AccountId\" : \"Your_New_Value\"}";

    HttpClient http = new HttpClient();
    string url = "https://graph.microsoft.com/beta/users/" + userObjectId + "/";
    HttpRequestMessage request = new HttpRequestMessage(new HttpMethod("PATCH"), url)
    {
        Content = new StringContent(body, Encoding.UTF8, "application/json")
    };
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    HttpResponseMessage response = await http.SendAsync(request);

    return;
}
```

Important notes:

- If you want to update built-in attributes, you can use the Azure AD Graph (https://graph.windows.net), however if you want to update custom attributes, you'll need to query the Beta endpoint of the Microsoft Graph (https://graph.microsoft.com). If you do go for custom attributes, note that they have funkier names (prepended with Guids), use Graph Explorer, query /beta/users and see what the full attribute name is.
- You'll need to register a separate (from the one you are using for signin/up) application with permissions to talk to the Graph. See this article for more, though note that the article requests permission for the Azure AD Graph, you might need to get permissions for the Microsoft Graph as per my previous point.
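A hardened way to build the same PATCH request, as an added example that is not part of the original answer: the object ID claim is validated as a GUID before it reaches the URL, the body is produced by a serializer so the attribute value cannot break out of the JSON string, and a failed update raises an error. The class and method names are hypothetical, and Newtonsoft.Json is assumed to be referenced by the project.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json; // assumption: Json.NET is available in the project

// Hypothetical helper, not code from the answer or from any Microsoft sample.
public static class GraphUserPatch
{
    // One shared HttpClient avoids socket exhaustion from per-call instances.
    private static readonly HttpClient Http = new HttpClient();

    // attributeName: the full extension name as shown by Graph Explorer.
    public static HttpRequestMessage BuildRequest(string userObjectId, string attributeName,
                                                  string value, string accessToken)
    {
        // The object ID comes from a token claim; reject anything that is not
        // a GUID so it cannot alter the request path.
        if (!Guid.TryParse(userObjectId, out Guid oid))
            throw new ArgumentException("objectidentifier claim is not a GUID", nameof(userObjectId));

        // Serializing escapes quotes and backslashes, so the value cannot
        // inject extra properties into the JSON document.
        string body = JsonConvert.SerializeObject(
            new Dictionary<string, string> { [attributeName] = value });

        var request = new HttpRequestMessage(new HttpMethod("PATCH"),
            "https://graph.microsoft.com/beta/users/" + oid.ToString("D"))
        {
            Content = new StringContent(body, Encoding.UTF8, "application/json")
        };
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        return request;
    }

    public static async Task UpdateAsync(string userObjectId, string attributeName,
                                         string value, string accessToken)
    {
        using (HttpRequestMessage request = BuildRequest(userObjectId, attributeName, value, accessToken))
        using (HttpResponseMessage response = await Http.SendAsync(request))
        {
            // Surface a failed update instead of silently continuing the sign-in.
            response.EnsureSuccessStatusCode();
        }
    }
}
```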