Problem description

Is there a way to find each role that exists against a tenant, and the number of users which have been assigned against each role, using the GraphServiceClient or GraphConnection class? I am using C#.
Recommended answer
Directory Roles - Finding all directory roles and count of their members for tenant
I have given sample code for both Microsoft Graph API (https://graph.microsoft.com) as well as Azure AD Graph API (https://graph.windows.net), but it is strongly recommended to use the newer Microsoft Graph API unless there is something specific that you aren't able to get from it, and only then look at Azure AD Graph API.
Look here for a more detailed comparison: Microsoft Graph or Azure AD Graph
Here are the nuget package and class details, as you've asked in the comments:
- Microsoft.Graph nuget package - to work with Microsoft Graph API and use the GraphServiceClient class.
- Microsoft.Azure.ActiveDirectory.GraphClient nuget package - to work with Azure AD Graph API and use the ActiveDirectoryClient class.
Microsoft Graph API

APIs - List directoryRoles and List members

    // List the activated directory roles in the tenant, then the members of each role.
    var roles = await graphServiceClient.DirectoryRoles.Request().GetAsync();
    foreach (var role in roles)
    {
        var members = await graphServiceClient.DirectoryRoles[role.Id].Members.Request().GetAsync();
    }
Azure AD Graph API

    // Same inventory through the Azure AD Graph client; ExecuteAsync returns a paged collection.
    var directoryRoles = await activeDirectoryClient.DirectoryRoles.ExecuteAsync();
    foreach (var role in directoryRoles.CurrentPage)
    {
        var members = await activeDirectoryClient.DirectoryRoles[role.ObjectId].Members.ExecuteAsync();
    }
NOTE: While testing the code I also noticed a slight difference in the behavior of the two APIs. Microsoft Graph only returns Users when you ask for the members of a directory role. Azure AD Graph, on the other hand, returned both users and service principals. See my code for a special check in the case of Azure AD Graph.
Also note that many of the results you get will be paginated collections, so you may need to handle pagination in case of multiple pages of results.
Application Roles - Finding all Application Roles for an application and then finding Number of users through App Role Assignments.
Application Roles are specific to an application registered in Azure AD. Role Assignments collection for that application can be read by going through the service principal for that application in the tenant.
Azure AD Graph API

App roles

    // The roles an application defines live on the application object itself.
    var app = activeDirectoryClient.Applications["<applicationObjectId>"].ExecuteAsync().Result;
    var appRoles = app.AppRoles;

App role assignments

    // GetTokenForApplication() is the caller's own token-acquisition helper (not shown).
    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(new Uri("https://graph.windows.net/<tenantGuid>"),
        async () => await GetTokenForApplication());

    // Assignments are read through the application's service principal in the tenant.
    var servicePrincipal = activeDirectoryClient.ServicePrincipals.Where(x => x.AppId == "<applicationId>").ExecuteAsync().Result.CurrentPage[0];
    var appRoleAssignments = activeDirectoryClient.ServicePrincipals[servicePrincipal.ObjectId].AppRoleAssignedTo.ExecuteAsync().Result;

    int userCountForApp = 0;
    foreach (var appRoleAssignment in appRoleAssignments.CurrentPage)
    {
        // Special check: Azure AD Graph also returns non-user principals, so count only users.
        if (appRoleAssignment.PrincipalType == "User")
        {
            userCountForApp++;
            Console.WriteLine("Role Id = {0} and User Name = {1}", appRoleAssignment.Id, appRoleAssignment.PrincipalDisplayName);
        }
    }
Microsoft Graph API

The ability to read all application-specific roles assigned to a user (i.e. AppRoleAssignments) is only available as part of the Microsoft Graph API beta endpoint. So it's not stable enough to be used in production code, and you won't find Client SDK support for C#. Read more specific points in this SO post by Marc LaFleur.
The related APIs are:
- AppRoleAssignments
- AppRoles
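The two points the answer makes for directory roles (walk every page of results, and separate user members from other principal types) can be combined into a single inventory routine. The following is an added example, not code from the answer above or from the Microsoft.Graph SDK; it assumes the SDK's v1 `Request()`/`NextPageRequest` style shown in the answer, an app with permission to read directory roles and members (Directory.Read.All is sufficient), and a placeholder `getAccessTokenAsync` delegate that you replace with your own token source such as MSAL.

```csharp
// Added example: inventory every activated directory role and count its members per type.
// Assumes the Microsoft.Graph SDK v1 "Request()" API used in the answer; getAccessTokenAsync
// is a placeholder token source (hypothetical, supply your own).
using System;
using System.Collections.Generic;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class DirectoryRoleInventory
{
    // Returns role display name -> (user member count, non-user member count).
    // Counting users separately makes privileged-role reviews show exactly who holds the role,
    // and the "Others" bucket surfaces groups or service principals that also carry it.
    public static async Task<Dictionary<string, (int Users, int Others)>> CountRoleMembersAsync(
        GraphServiceClient graphServiceClient)
    {
        var counts = new Dictionary<string, (int Users, int Others)>();

        // /directoryRoles only lists roles that have been activated in the tenant; it is paged.
        var rolesPage = await graphServiceClient.DirectoryRoles.Request().GetAsync();
        while (rolesPage != null)
        {
            foreach (var role in rolesPage)
            {
                int users = 0, others = 0;

                // Members are DirectoryObjects; walk every page so large roles are not undercounted.
                var membersPage = await graphServiceClient.DirectoryRoles[role.Id].Members.Request().GetAsync();
                while (membersPage != null)
                {
                    foreach (var member in membersPage)
                    {
                        if (member is User) users++;
                        else others++;
                    }
                    membersPage = membersPage.NextPageRequest == null
                        ? null
                        : await membersPage.NextPageRequest.GetAsync();
                }

                counts[role.DisplayName] = (users, others);
            }

            rolesPage = rolesPage.NextPageRequest == null
                ? null
                : await rolesPage.NextPageRequest.GetAsync();
        }

        return counts;
    }

    public static async Task Main()
    {
        // Placeholder token source (hypothetical): plug in MSAL or any confidential-client flow here.
        Func<Task<string>> getAccessTokenAsync = () => throw new NotImplementedException("supply a token source");

        var graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async request =>
        {
            var token = await getAccessTokenAsync();
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        }));

        foreach (var entry in await CountRoleMembersAsync(graphServiceClient))
        {
            Console.WriteLine($"{entry.Key}: {entry.Value.Users} user(s), {entry.Value.Others} other member(s)");
        }
    }
}
```

Running this periodically and diffing the output against the previous run is a cheap way to notice unexpected growth in highly privileged roles; the `Others` count is worth watching because a non-user principal holding a directory role is easy to overlook in a user-centric review.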