问题描述
我们有一个用ASP.NET MVC开发的应用程序.我们还在Azure中配置了Acitve目录,并且其中包含一些组.要求是,我们需要从Azure Active Directory的组中提取所有用户,并将新用户添加到其中.
We have an application developed in ASP.NET MVC. We also have Acitve Directory configured in Azure and it has some Groups into it.Requirement is, we need to fetch all users from Azure Active Directory's Group and add a new user into it.
我们在下面使用代码,我想这是在要求额外的身份验证.我们想在不提供弹出窗口进行身份验证的情况下以自身代码提供所有身份验证.你能帮忙吗
We are using code below and it is asking extra authentication I guess. we want to provide all authentication in code it self without giving popup wondow to authenticate. Can you please help with this
// Build a client application.
IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder
.Create("clientID")
.WithTenantId("tenantId")
.Build();
// Create an authentication provider by passing in a client application and graph scopes.
DeviceCodeProvider authProvider = new DeviceCodeProvider(publicClientApplication, new[] { "User.Read" });
// Create a new instance of GraphServiceClient with the authentication provider.
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var members = await graphClient.Groups["groupId"].Members
.Request()
.GetAsync();
以上代码显示一条消息为要登录,请使用网络浏览器打开页面 https://microsoft.com/devicelogin,然后输入代码G9277ULC9进行身份验证."
Above code shows a message as"To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code G9277ULC9 to authenticate."
如何避免在代码本身中提供所有身份验证信息呢?
How can we provide all authentication information in code itself to avoid this step?
已更新API权限如下-
预先谢谢你.
推荐答案
您可以使用 Microsoft Graph SDK 来做到这一点.
You could use the Microsoft Graph SDK to do that.
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var members = await graphClient.Groups["{id}"].Members
.Request()
.GetAsync();
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var directoryObject = new DirectoryObject
{
AdditionalData = new Dictionary<string, object>()
{
{"@odata.id","https://graph.microsoft.com/v1.0/directoryObjects/{id}"}
}
};
await graphClient.Groups["{id}"].Members.References
.Request()
.AddAsync(directoryObject);
更新:
如果您希望采用非交互方式,则需要使用客户端凭据流,即将authProvider
实例创建为客户端凭据提供商.
If you want a non-interactive way, you need to use the client credential flow, i.e. create the authProvider
instance as Client credentials provider.
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.WithClientSecret(clientSecret)
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
这篇关于如何使用C#从Azure Active Directory组获取所有用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!