使用Microsoft Graph API在Azure AD中注册(创建)应用程序的方法 [英] Approach(es) to register(create) application in azure AD using Microsoft Graph API
问题描述
当前,我正在使用应用程序权限在azure AD中注册应用程序.我正在尝试找出是否还有更好的选择吗?
Currently, I am registering app(s) in azure AD using application permissions. I am trying to find out if there is any better option to do that?
当前方法:-
- 使用具有"Application.ReadWrite.OwnedBy"的天蓝色门户在天蓝色AD中注册一个应用.申请许可(经管理员同意).
- 使用该应用程序注册其他应用程序,如下所示
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var application = new Application
{
DisplayName = "App_One",
RequiredResourceAccess = new List<RequiredResourceAccess>()
{
new RequiredResourceAccess
{
ResourceAppId = "cfa8b339-82a2-471a-a3c9-0fc0be7a4093",
ResourceAccess = new List<ResourceAccess>()
{
new ResourceAccess
{
//API permission :- user_impersonation
Id = Guid.Parse("f53da476-18e3-4152-8e01-aec403e6edc0"),
Type = "Scope"
}
}
}
}
};
//Create(Register) application
var app = await graphClient.Applications
.Request().AddAsync(application);
注意:-我正在将.net core 2.1与OpenIdConnect一起使用.
Note:- I am using .net core 2.1 with OpenIdConnect.
当前方法的局限性:-
- 需要使用"Application.ReadWrite.OwnedBy"手动注册一个应用程序.申请许可(经管理员同意).
我试图找出其他方法,然后发现下面的堆栈溢出问题已经解答
I have tried to find out other approach then I found following stack-overflow already question-answer
这给出了有关已授予权限
问题:-
- 没有使用手动注册的应用程序(有许可),还有其他更好的方法吗?
- 当前,用户(在Azure AD中)使用OpenIdConnect登录Web应用程序.我可以使用用户令牌(登录后)注册应用程序(意味着在用户授权后可以使用此令牌创建图形客户端)吗?如果是,我该怎么办?
- 是否可以使用已登录"注册应用程序? (在委托权限的帮助下)用户主体(索赔)?(我对此了解不多,无法清除我对这个问题的理解)?
- Is there any better way to achieve this without using manual registered app(with permission)?
- Currently,Users(in Azure AD) login in web app using OpenIdConnect. Can I use user token(after login) to register app(means after user authorize can I use this token create graph client)? if yes, how can I do this?
- Is it possible to register app using "logged-in" user principal(claims) with help of delegated permissions?(I don't have much knowledge about that to clear my understanding asking this question)?
推荐答案
有没有更好的方法可以实现这一目标,而无需使用手册注册的应用程序(获得许可)?
Is there any better way to achieve this without using manual registered app(with permission)?
无论您使用应用程序权限还是委派权限来访问graph api,都必须首先手动创建一个应用程序(或者您必须首先拥有一个应用程序),然后才能向该应用程序授予应用程序权限或委派权限,并且然后您可以使用此应用程序注册其他应用程序.
Regardless of whether you use application permissions or delegated permissions to access graph api, you must first manually create an application (or you must have an application first), and then you can grant application permissions or delegate permissions to this application, and then You can use this application to register other applications.
当前,用户(在Azure AD中)使用OpenIdConnect登录Web应用程序.能我使用用户令牌(登录后)注册应用(指用户之后授权我可以使用此令牌创建图形客户端)?如果可以,我该怎么办这样吗?
Currently,Users(in Azure AD) login in web app using OpenIdConnect. Can I use user token(after login) to register app(means after user authorize can I use this token create graph client)? if yes, how can I do this?
是的,您可以在登录用户后使用访问令牌来调用MS graph api创建应用程序,请参阅:
Yes, you can use the access token to call MS graph api to create an application after logging in the user, Please see: auth code flow and sample.
是否可以使用已登录"注册应用程序?用户委托人(权利要求)在委派权限的帮助下?(我没有关于这一点的很多知识可以使我理解清楚问题)?
Is it possible to register app using "logged-in" user principal(claims) with help of delegated permissions?(I don't have much knowledge about that to clear my understanding asking this question)?
您可以使用基于委派权限的应用程序来调用这里是一个详细的示例,但正如我所说在此之前,不是用户自己来完成此操作,而是由应用程序代表用户来完成操作.
You can use an application based on delegated permissions to call MS graph api to register an application. Here is a detailed example, but as I said before, it is not the user itself to complete this operation, it is the application that completes the operation on behalf of the user .
这篇关于使用Microsoft Graph API在Azure AD中注册(创建)应用程序的方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
