Azure AD B2C Custom User Attributes
Question
I'm new to the Azure B2C world. I'm attempting to create a Custom User attribute to store data for our application. I've created it in the Azure portal and assigned it to my Signup/SignIn policy. However, I want to be able to update/read this value programmatically. I've been going down the route of using Graph API and registering Extensions. So two questions:
1) Are extensions/custom attributes the same thing?
2) I've tried this code and the returned extensions are always empty:
    public void RegisterExtension()
    {
        string myRegisteredAppObjectId = "<>";
        string json = @"{
            ""name"": ""My Custom Attribute"",
            ""dataType"": ""String"",
            ""targetObjects"": [
                ""User""
            ]
        }";
        B2CGraphClient b2CGraphClient = new B2CGraphClient();
        b2CGraphClient.RegisterExtension(myRegisteredAppObjectId, json);
        var extensions = JsonConvert.DeserializeObject(b2CGraphClient.GetExtensions(myRegisteredAppObjectId).Result);
    }
B2CGraphClient.cs
    using System;
    using System.Net;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Text;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Newtonsoft.Json;

    public class B2CGraphClient
    {
        private string clientId { get; set; }
        private string clientSecret { get; set; }
        private string tenant { get; set; }
        private AuthenticationContext authContext;
        private ClientCredential credential;

        public B2CGraphClient(string clientId, string clientSecret, string tenant)
        {
            // The client_id, client_secret, and tenant are pulled in from the App.config file
            this.clientId = clientId;
            this.clientSecret = clientSecret;
            this.tenant = tenant;
            // The AuthenticationContext is ADAL's primary class, in which you indicate the directory to use.
            this.authContext = new AuthenticationContext("https://login.microsoftonline.com/" + tenant);
            // The ClientCredential is where you pass in your client_id and client_secret, which are
            // provided to Azure AD in order to receive an access_token using the app's identity.
            this.credential = new ClientCredential(clientId, clientSecret);
        }

        // SendGraphDeleteRequest and the Globals class are not shown in this excerpt.
        public async Task<string> DeleteUser(string objectId)
        {
            return await SendGraphDeleteRequest("/users/" + objectId);
        }

        public async Task<string> RegisterExtension(string objectId, string body)
        {
            return await SendGraphPostRequest("/applications/" + objectId + "/extensionProperties", body);
        }

        public async Task<string> GetExtensions(string appObjectId)
        {
            return await SendGraphGetRequest("/applications/" + appObjectId + "/extensionProperties", null);
        }

        private async Task<string> SendGraphPostRequest(string api, string json)
        {
            // NOTE: This client uses ADAL v2, not ADAL v4
            AuthenticationResult result = authContext.AcquireToken(Globals.aadGraphResourceId, credential);
            HttpClient http = new HttpClient();
            string url = Globals.aadGraphEndpoint + tenant + api + "?" + Globals.aadGraphVersion;
            Console.ForegroundColor = ConsoleColor.Cyan;
            Console.WriteLine("POST " + url);
            Console.WriteLine("Authorization: Bearer " + result.AccessToken.Substring(0, 80) + "...");
            Console.WriteLine("Content-Type: application/json");
            Console.WriteLine("");
            Console.WriteLine(json);
            Console.WriteLine("");
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
            request.Content = new StringContent(json, Encoding.UTF8, "application/json");
            HttpResponseMessage response = await http.SendAsync(request);
            if (!response.IsSuccessStatusCode)
            {
                string error = await response.Content.ReadAsStringAsync();
                object formatted = JsonConvert.DeserializeObject(error);
                throw new WebException("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
            }
            Console.ForegroundColor = ConsoleColor.Green;
            Console.WriteLine((int)response.StatusCode + ": " + response.ReasonPhrase);
            Console.WriteLine("");
            return await response.Content.ReadAsStringAsync();
        }

        public async Task<string> SendGraphGetRequest(string api, string query)
        {
            // First, use ADAL to acquire a token using the app's identity (the credential)
            // The first parameter is the resource we want an access_token for; in this case, the Graph API.
            AuthenticationResult result = authContext.AcquireToken("https://graph.windows.net", credential);
            // For B2C user management, be sure to use the 1.6 Graph API version.
            HttpClient http = new HttpClient();
            string url = "https://graph.windows.net/" + tenant + api + "?" + Globals.aadGraphVersion;
            if (!string.IsNullOrEmpty(query))
            {
                url += "&" + query;
            }
            Console.ForegroundColor = ConsoleColor.Cyan;
            Console.WriteLine("GET " + url);
            Console.WriteLine("Authorization: Bearer " + result.AccessToken.Substring(0, 80) + "...");
            Console.WriteLine("");
            // Append the access token for the Graph API to the Authorization header of the request, using the Bearer scheme.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
            HttpResponseMessage response = await http.SendAsync(request);
            if (!response.IsSuccessStatusCode)
            {
                string error = await response.Content.ReadAsStringAsync();
                object formatted = JsonConvert.DeserializeObject(error);
                throw new WebException("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
            }
            Console.ForegroundColor = ConsoleColor.Green;
            Console.WriteLine((int)response.StatusCode + ": " + response.ReasonPhrase);
            Console.WriteLine("");
            return await response.Content.ReadAsStringAsync();
        }
    }
Of course, myRegisteredAppObjectId has a valid GUID in it.
Thanks
Recommended answer
Are extensions/custom attributes the same thing?
Based on my test, extensions are the same thing as custom attributes.
I've tried this code and the returned extensions are always empty:
I add the custom property MyCustomAttribute following this tutorial and use a custom attribute in my policy. You could refer to my test steps.
I download the B2C-GraphAPI-DotNet project from GitHub, using the following code for the custom attribute:
    var applications = client.GetApplications("$filter=startswith(displayName, 'b2c-extensions-app')").Result;
    var extension = client.GetExtensions(objectId).Result; // objectId from the applications result
Then we could get the custom properties from the extension.
You can then treat that attribute the same way you treat any other property on a user object.
For example, create a user:
    var jsonObject = new JObject
    {
        {"accountEnabled", true},
        {"country", "US"},
        {"creationType", "LocalAccount"},
        {"displayName", "Tomsun"},
        {"passwordPolicies", "DisablePasswordExpiration,DisableStrongPassword"},
        {"extension_42ba0de8530a4b5bbe6dad21fe6ef092_MyCustomAttribute", "test2"}, // custom property
        {"passwordProfile", new JObject
            {
                {"password", "!QAZ1234wer"},
                {"forceChangePasswordNextLogin", true}
            }
        },
        {"signInNames", new JArray
            {
                new JObject
                {
                    {"value", "tom1@example.com"},
                    {"type", "emailAddress"}
                }
            }
        }
    };
    string user = client.CreateUser(jsonObject.ToString()).Result;
Query the user:
    var user = client.GetUserByObjectId(objectId).Result; // user objectId
Update the user:
    var jsonUpdate = new JObject
    {
        {"extension_42ba0de8530a4b5bbe6dad21fe6ef092_MyCustomAttribute", "testx"}
    };
    // Pass the user's object ID and the JObject built above.
    var updateuser = client.UpdateUser(objectId, jsonUpdate.ToString()).Result; // user objectId
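The update above writes a property named extension_<id>_MyCustomAttribute. As an added example (not code from the post or from the B2C-GraphAPI-DotNet project), the helper below resolves that full name from a GetExtensions response and builds an update body limited to that one attribute. The class and method names are hypothetical, the JSON is a constructed sample, and the 32-hex-digit name pattern is an assumption based on the property name shown in the answer.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;
using Newtonsoft.Json.Linq;

// Hypothetical helper; not part of B2C-GraphAPI-DotNet.
public static class CustomAttributeHelper
{
    // Constructed sample shaped like a GetExtensions() response body.
    const string SampleExtensionsJson = @"{
      ""value"": [
        { ""name"": ""extension_42ba0de8530a4b5bbe6dad21fe6ef092_MyCustomAttribute"",
          ""dataType"": ""String"",
          ""targetObjects"": [ ""User"" ] }
      ]
    }";

    // Returns the full directory property name for a short attribute name,
    // or null when no matching User extension is registered.
    public static string ResolveFullName(string extensionsJson, string shortName)
    {
        // Assumed name shape: extension_<32 hex digits>_<attribute name>.
        var pattern = new Regex("^extension_[0-9a-fA-F]{32}_" + Regex.Escape(shortName) + @"\z");
        var value = JObject.Parse(extensionsJson)["value"] as JArray;
        if (value == null) return null;
        return value
            .Where(e => e["targetObjects"] is JArray t && t.Any(x => (string)x == "User"))
            .Select(e => (string)e["name"])
            .FirstOrDefault(n => n != null && pattern.IsMatch(n));
    }

    // Builds an update body that contains only the resolved custom attribute,
    // so a caller-supplied name cannot address other user properties.
    public static string BuildUpdateBody(string extensionsJson, string shortName, string newValue)
    {
        string fullName = ResolveFullName(extensionsJson, shortName);
        if (fullName == null)
            throw new ArgumentException("No User extension named '" + shortName + "' is registered.");
        return new JObject { { fullName, newValue } }.ToString();
    }

    public static void Main()
    {
        Console.WriteLine(BuildUpdateBody(SampleExtensionsJson, "MyCustomAttribute", "testx"));
        try { BuildUpdateBody(SampleExtensionsJson, "accountEnabled", "false"); }
        catch (ArgumentException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

The string returned by BuildUpdateBody can be passed as the JSON argument to client.UpdateUser in place of a hand-typed property name.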