尝试添加AppRoleAssignment [英] Try to adding AppRoleAssignment

查看:119
本文介绍了尝试添加AppRoleAssignment的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用以下代码添加AppRoleAssignment:

I am trying to add an AppRoleAssignment using this code:

   AppRoleAssignment objAppRoleAssignment = new AppRoleAssignment();

            objAppRoleAssignment.Id = Guid.Parse("00000000-0000-0000-0000-000000000000");
            objAppRoleAssignment.ResourceId = Guid.Parse("ServicePrincipalID");
            objAppRoleAssignment.PrincipalType = "User";
            objAppRoleAssignment.PrincipalId = Guid.Parse(user.ObjectId);

            user.AppRoleAssignments.Add(objAppRoleAssignment);

            await user.UpdateAsync();

我没有任何角色,所以我指定默认的 00000000- 0000-0000-0000-000000000000 角色

I don't have any roles so I am specifying the default 00000000-0000-0000-0000-000000000000 role

但我收到此错误:

{"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"One or more properties are invalid."},"values":null}}


推荐答案

您这样做的方式是正确的。似乎有两个错误使您似乎没有保存您的更改。

The way you are doing it is correct. There seems to be two bugs in place that make it seem like your change isn't being saved.


  1. 第一次运行此操作(应用角色分配不存在),即使请求实际上成功完成并确实创建了应用角色分配,SDK也会出错,因为响应中的应用角色分配具有空ID值,这导致它抛出以下例外:




发现名为 id的属性具有预期的空值输入 Edm.Guid [Nullable = False]。预期的类型'Edm.Guid [Nullable = False]'不允许为空值。

A null value was found for the property named 'id', which has the expected type 'Edm.Guid[Nullable=False]'. The expected type 'Edm.Guid[Nullable=False]' does not allow null values.




  1. 如果您随后重试(一旦创建了应用程序角色分配),您现在将得到共享的错误,这很容易引起误解,因为问题不在于您的值不正确,而在于正在尝试为已经有一个资源+主体创建一个appRoleAssigment。您可以通过查询(直接或通过 https://graphexplorer.cloudapp.net )来确认是否属于这种情况以下:

  1. If you then retry (once the app role assignment is created), you'll now get the error you've shared which is quite misleading since the problem isn't that you've got bad values but rather that you're trying to create an appRoleAssigment for a Resource + Principal that already has one. You can confirm this is the case by querying (directly or via the https://graphexplorer.cloudapp.net) the following:




https://graph.windows.net/ [yourtenant] / servicePrincipals / [ResourceID] / appRoleAssignedTo


https://graph.windows.net/ [yourtenant] / users / [PrincipalID] / appRoleAssignments

我们正在研究纠正此问题的方法,但在此期间,您可以选择吞下#1中的异常或不使用SDK并手动制作将请求发布到appRoleAssignments。

We're looking into correcting this issue, but in the interim your options are to either swallow the exception in #1 or not use the SDK and manually craft your post request to appRoleAssignments.

这篇关于尝试添加AppRoleAssignment的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆