如何使用Azure SDK创建应用程序注册 [英] How to create app registration using Azure SDK
问题描述
我需要使用Azure SDK(或SDK不能使用的话,使用rest api调用)向Azure AD创建应用注册
I need to create an app registration with Azure AD using Azure SDK (or using rest api call, if it's not possible with SDK)
通常,您可以使用门户网站手动进行操作:
normally you do it manually using portal:
或调用Azure CLI命令az ad app create
or calling Azure CLI command az ad app create
如何从SDK或REST服务中实现
How can I do it from SDK or REST service
推荐答案
有两种可能的方法.您可以根据自己的情况选择有效的方法.
There are 2 possible ways to do this. You can pick what works based on your scenario.
-
Microsoft Graph API Beta端点
Microsoft Graph API Beta端点正常工作包含应用程序资源(也早于Jean-Marc Prieur的回答).
Microsoft Graph API Beta endpoint and working with Application resource (as answered by Jean-Marc Prieur earlier too).
POST https://graph.microsoft.com/beta/applications
注意:这可以工作,但请注意,这是一个Beta终结点.因此,如果您这样做是为了进行测试/学习,那很好,但是如果您打算将其用于生产应用程序代码,则不建议这样做.
NOTE: This would work but caveat being it's a beta endpoint. So if you're doing this for testing/learning that's fine but if you plan to use it for production application code it would not be recommended.
请参见 Microsoft Graph Beta终结点文档本身即可查看Microsoft的建议.
See Microsoft Graph beta endpoint documentation itself to see Microsoft's recommendation.
还要注意,由于当前此功能处于Beta版,因此您将无法使用这篇由Marc LaFleur撰写的SO帖子具有相似的上下文.
Also note that since currently this functionality is in Beta, you won't be able to use the Microsoft Graph .NET Client Library, but once it's released for general availability, even Client Library will probably be refreshed to support these operations. See this SO post by Marc LaFleur with similar context.
Azure AD Graph API
Azure AD Graph API是较旧的API,Microsoft Graph API是较新的API,建议对所有可能的操作使用它.您遇到的情况恰好是Microsoft Graph API稳定版本(v1.0)尚未赶上,并且该功能仅在beta中可用,因此对于生产版本代码,您仍应使用较旧的Azure AD Graph API或其客户端库.阅读有关比较和特殊用例的信息
Azure AD Graph API which is an older API and Microsoft Graph API is newer and recommended one for any operations possible. Your case just happens to be one where Microsoft Graph API stable version (v1.0) has not caught up yet and that functionality is only available in beta, hence for production version code you should still use older Azure AD Graph API or it's client library. Read about comparisons and special use cases here
您可以使用Azure AD Graph API和应用程序实体. POST操作可以帮助您创建应用程序.
You can use Azure AD Graph API and Application entity. POST operation can help you create an application.
POST https://graph.windows.net/{tenant-id}/applications?api-version=1.6
了解详细信息:您可以选择直接调用此API,也可以使用 Azure AD Graph客户端库
You can choose to call this API directly or make use of Azure AD Graph Client Library
这是创建Azure AD应用程序的快速而肮脏的示例代码(C#)
Here is a quick and dirty sample code (C#) to create an Azure AD application
请注意,我将app.PublicClient标志保留为true,以注册为本机应用程序.如果要将其注册为Web应用程序,可以将其设置为false.
Notice that I've kept app.PublicClient flag as true to register as a native application. You can set it to false if you want to register it as a web application.
设置:我在Azure AD中注册了一个应用程序,该应用程序具有所需的权限作为应用程序权限-读取和写入所有应用程序,并为此应用程序完成了授予权限.现在,使用此应用程序的客户端ID和客户端密钥,将获取令牌,并调用Azure AD Graph API创建一个应用程序.使用应用程序权限不是强制性的,您也可以通过提示用户输入凭据来使用委派权限.请参阅两个更详细示例的链接(旧示例,但仍然有用).
Setup: I have an application registered in Azure AD, which has required permissions as application permission - Read and Write all applications and grant permissions is done for this app. Now using this application's client id and client secret, a token is acquired and Azure AD Graph API is called to create an application. It is not mandatory to use application permissions, you can also use delegated permissions by prompting user for credentials. See links to two more detailed examples (old ones but still useful).
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
namespace CreateAzureADApplication
{
class Program
{
static void Main(string[] args)
{
ActiveDirectoryClient directoryClient;
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(new Uri("https://graph.windows.net/{yourAADGUID}"),
async () => await GetTokenForApplication());
Application app = new Application();
app.DisplayName = "My Azure AD Native App";
app.PublicClient = true;
app.Homepage = "https://myazureadnativeapp";
activeDirectoryClient.Applications.AddApplicationAsync(app).GetAwaiter().GetResult();
}
public static async Task<string> GetTokenForApplication()
{
AuthenticationContext authenticationContext = new AuthenticationContext(
"https://login.microsoftonline.com/{yourAADGUID}",
false);
// Configuration for OAuth client credentials
ClientCredential clientCred = new ClientCredential("yourappclientId",
"yourappclientsecret"
);
AuthenticationResult authenticationResult =
await authenticationContext.AcquireTokenAsync("https://graph.windows.net", clientCred);
return authenticationResult.AccessToken;
}
}
}
这篇关于如何使用Azure SDK创建应用程序注册的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
