问题描述

继续我以编程方式创建和 Azure 应用程序的探索(这从 https://stackoverflow.com/a/44753728/1332416 继续)，我有一个获取 subscriptionID 和 tenantId 的核心，如下所示，但我不知道如何创建应用程序及其相关服务当地校长.这基本上是在 PowerShell 的情况下使用 New-AzureRmADApplication 和 New-AzureRmADServicePrincipal 的地方.这个问题在 https://stackoverflow.com/a/44631758/1332416 部分得到了回答，但它看起来像 .NET核心可能是这里一些问题的原因，因为找不到类型.

To continue my quest to programmatically create and Azure application (this continues from https://stackoverflow.com/a/44753728/1332416), I have core that acquires a subscriptionID and a tenantId as follows, but I'm at loss as how could I create an application and its associated service principal locally. This is basically where New-AzureRmADApplication and New-AzureRmADServicePrincipal would be used in case of PowerShell. This question is partially answered at https://stackoverflow.com/a/44631758/1332416, but it looks like .NET Core may be the cause of some problems here as the types aren't to be found.

更具体地说，我有如下代码

To be more concrete, I have code as follows to

string resource = "https://management.core.windows.net/";
string clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
string userName = "<replace>";
string password = "<replace>";
string apiVersion = "2016-06-01";

using(var client = new HttpClient())
{
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    string tokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
    var body = $"resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}";
    var stringContent = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded");
    var response = await client.PostAsync(tokenEndpoint, stringContent).ConfigureAwait(false);
    var result = await response.Content.ReadAsStringAsync().ConfigureAwait(false);

    JObject jobject = JObject.Parse(result);
    var token = jobject["access_token"].Value<string>();

    client.DefaultRequestHeaders.Add("Authorization", $"bearer {token}");
    var subcriptions = await client.GetStringAsync($"https://management.azure.com/subscriptions?api-version={apiVersion}").ConfigureAwait(false);
    var tenants = await client.GetStringAsync($"https://management.azure.com/tenants?api-version={apiVersion}").ConfigureAwait(false);
    Console.WriteLine(subcriptions);
    Console.WriteLine(tenants);

    //We have the SubscriptionID, TenantId and the token to
    //the subscription here. How to do New-AzureRmADApplication and New-AzureRmADServicePrincipal with the application ID here? Specifically I'm considering to use a certificate thumbrint if it matters.
    //var subscription = "... from subscriptions...";
    //var tenantId = "... from tenants...";
}

推荐答案

您可以获取访问令牌并调用 Azure AD Graph API 来创建应用程序和服务主体.(Microsoft Graph API 也允许它，但只能通过 beta 端点)

You can acquire an access token and call Azure AD Graph API to create the application and service principal. (Microsoft Graph API also allows it, though only through the beta endpoint)

您可以在此处找到应用程序实体文档:https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#application-entity

You can find the application entity documentation here: https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#application-entity

要获取令牌，您的应用需要在 Azure AD 中为 Azure AD Graph API 授予必要的委派/应用权限.

To acquire the token, your app will need to have the necessary delegated/app permissions granted in Azure AD for Azure AD Graph API.

然后拿到token后，使用https://graph.windows.net作为资源.

Then when you get the token, use https://graph.windows.net as the resource.

然后你应该可以用这样的主体 POST 到 https://graph.windows.net/tenant-id/applications?api-version=1.6:

Then you should be able to POST to https://graph.windows.net/tenant-id/applications?api-version=1.6 with a body like this:

{
  "displayName":"Test app",
  "identifierUris": [
    "https://mytenant.onmicrosoft.com/testapp"
  ],
  "homePage":"http://localhost"
}

将 URL 中的 tenant-id 替换为您的租户 ID.

Replace tenant-id in the URL with your tenant id.

这是创建的应用程序，在响应中您将获得创建的应用程序.

That's the application created, in the response you will get the created app.

从中获取 appId 字段，您将需要它来创建服务主体.

Grab the appId field from it, you will need it to create the service principal.

然后将 POST 发送到:https://graph.windows.net/tenant-id/servicePrincipals?api-version=1.6，正文如下:

Then make a POST to: https://graph.windows.net/tenant-id/servicePrincipals?api-version=1.6 with a body like this:

{
  "appId":"eb167a6d-aaaa-aaaa-aaaa-46e981be37fa"
}

这应该会创建相应的服务主体.

And that should create the corresponding service principal.

这篇关于使用 .NET Core(API 和 HTTP)创建 Azure AD 应用程序和服务主体的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！