调用 AddUserAsync .NET Core 2.0 时出现 PlatformNotSupported 异常 [英] PlatformNotSupported Exception when calling AddUserAsync .NET Core 2.0

问题描述

我正在尝试编写一些代码，使用 Graph API 在 Azure AD 中创建用户.我从网上的一个例子开始，但现在在添加用户时失败了

I am trying to write some code that creates a user in Azure AD using the Graph API. I started w/ an example off the net, but right now it fails when adding the user, on the line

await adClient.Users.AddUserAsync(userGraphObj);

在下面的 CreateUser() 方法中.我得到的错误是

In the CreateUser() method below. The error I get is

我正在使用 .NET Core 2.0，在 Windows 7 上调试.谷歌搜索，我发现他们为 2.0 带来了序列化，但仅适用于特定类型.

I am using .NET Core 2.0, debugging on Windows 7. Googling around and I found that they brought serialization back for 2.0, but only for specific types.

我真的不在乎.如何在代码中将用户添加到 Azure AD?

I don't really care. How can I add a user to Azure AD in code?

const String appClientID = "2be733f1-88c3-6482-8e2a-5e9631fc3a32";
const String tenant = "espn.onmicrosoft.com";
const String authString = "https://login.microsoftonline.com/" + tenant;
const String authClientSecret = "dDdaVGee315s65ewDSWEwfdw7wq5efDNO5C3cvN4RA";
const String resAzureGraphAPI = "https://graph.windows.net";
const String serviceRootURL = resAzureGraphAPI + appClientID;

private ActiveDirectoryClient GetAADClient()
{
    Uri serviceRoot = new Uri(serviceRootURL);
    ActiveDirectoryClient adClient = new ActiveDirectoryClient(
        serviceRoot, async () => await GetAppTokenAsync());
    return adClient;
}

private static async Task<String> GetAppTokenAsync()
{
    AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);
    ClientCredential clientCred = new ClientCredential(appClientID, authClientSecret);
    AuthenticationResult authResult = await authenticationContext.AcquireTokenAsync(resAzureGraphAPI, clientCred);
    return authResult.AccessToken;
}

public async Task<IActionResult> CreateUser()
    {
        var adClient = GetAADClient();

        //Construct The User
        String userEmail = "TestUser@example.com";
        String mailNickname = userEmail.Split(new char[] { '@' }).FirstOrDefault();

        var userGraphObj = new Microsoft.Azure.ActiveDirectory.GraphClient.User()
        {
            GivenName = "Test",
            Surname = "User",
            Mobile = "13133124044",
            MailNickname = mailNickname,
            DisplayName = "Test User",
            AccountEnabled = true
        };

        await adClient.Users.AddUserAsync(userGraphObj);

        return Ok(tempPassword);

    }

推荐答案

Microsoft 本身建议不要再使用 Azure AD Graph API，而推荐使用 Microsoft Graph API(参见 博客文章).

Microsoft itself recommends not to use the Azure AD Graph API anymore, in favor of the Microsoft Graph API (cf blog post).

如果您对使用 Azure AD API 没有强烈要求，以下是通过最新 API 创建用户的步骤.

If you don't have a strong requirement to use the Azure AD API, here are the steps to create a user via the latest API.

免责声明:

• 我从未成功地从桌面应用程序获取令牌
• 我还没有真正理解应该如何使用权限范围(这里似乎需要一个 URL，但在示例中它通常是一个字符串列表，例如 User.ReadWrite.All 或 Directory.ReadWrite.All)

获取令牌的代码:

const String appClientID = "2be733f1-88c3-6482-8e2a-5e9631fc3a32";
const String tenant = "brazzers.onmicrosoft.com";
const String authString = "https://login.microsoftonline.com/" + tenant;
const String authClientSecret = "dDdaVGee315s65ewDSWEwfdw7wq5efDNO5C3cvN4RA";

public static GraphServiceClient GetAuthenticatedClient()
{
    var delegateAuthenticationProvider = new DelegateAuthenticationProvider(
        async (requestMessage) =>
        {
            var accessToken = await GetAppTokenAsync();
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
        }
    );

    return new GraphServiceClient(delegateAuthenticationProvider);
}

private static async Task<String> GetAppTokenAsync()
{
    // this doesn't work for desktop apps, 
    // and PublicClientApplication throws a NotImplementedException
    var cca = new ConfidentialClientApplication(
        appClientID,
        authString, 
        "http://www.example.com/", // no redirect
        new ClientCredential(authClientSecret),
        new TokenCache(),
        new TokenCache());

    var authResult = await cca.AcquireTokenForClientAsync(new[] { $"https://graph.microsoft.com/.default" });
    return authResult.AccessToken;
}

创建用户的代码(由 示例):

public async Task<User> CreateUser(GraphServiceClient graphClient)
{
    // This snippet gets the tenant domain from the Organization object to construct the user's email address.
    var organization = await graphClient.Organization.Request().GetAsync();
    var domain = organization.CurrentPage[0].VerifiedDomains.ElementAt(0).Name;

    // Add the user.
    var userEmail = "TestUser@" + domain;
    var mailNickname = userEmail.Split(new char[] { '@' }).FirstOrDefault();

    return await graphClient.Users.Request().AddAsync(new User
    {
        AccountEnabled = true,
        DisplayName = "Test User",
        MailNickname = mailNickname,
        PasswordProfile = new PasswordProfile
        {
            Password = "super_strong_password"
        },
        UserPrincipalName = userEmail
    });
}

这篇关于调用 AddUserAsync .NET Core 2.0 时出现 PlatformNotSupported 异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！