Azure的ActiveDirectory的图形API GraphClient没有返回广告组 [英] Azure ActiveDirectory Graph API GraphClient not returning AD Groups
本文介绍了Azure的ActiveDirectory的图形API GraphClient没有返回广告组的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我要检索的Azure AD用户的组信息。
使用下面的图形API包来实现这一点。
- Microsoft.Azure.ActiveDirectory.GraphClient
- Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810
我能够成功地检索从Azure的图形API用户的信息。
但是当我运行此方法检索用户的群体,提琴手显示了含JSON片段组信息,一个成功的HTTP 200响应但是该方法本身并不具有了IEnumerable返回。
的IEnumerable<串GT;基团= user.GetMemberGroupsAsync(假).Result.ToList();
在code似乎并没有从这个异步请求返回。
得到的经验是空白页,而认证的管道卡住。
全部code
公众覆盖ClaimsPrincipal进行身份验证(字符串资源名称,ClaimsPrincipal incomingPrincipal)
{
如果(incomingPrincipal.Identity.IsAuthenticated ==真&放大器;!&安培;
_authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name))
{
返回base.Authenticate(资源名称,incomingPrincipal);
} _authorizationService.AddClaimsToIdentity(((ClaimsIdentity)incomingPrincipal.Identity)); 权利要求tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim); 如果(tenantClaim == NULL)
{
抛出新NotSupportedException异常(承租人索赔不可用,角色的身份验证,不支持);
} 字符串tenantId = tenantClaim.Value;
字符串权威=的String.Format(CultureInfo.InvariantCulture,_aadInstance,_tenant);
乌里servicePointUri =新的URI(https://graph.windows.net);
ClientCredential clientCredential =新ClientCredential(_clientId,_password); AuthenticationContext authContext =新AuthenticationContext(权威,真实);
AuthenticationResult结果= authContext.AcquireToken(servicePointUri.ToString(),clientCredential);
令牌= result.AccessToken; ActiveDirectoryClient activeDirectoryClient =
新ActiveDirectoryClient(新的URI(servicePointUri,tenantId)
异步()=>等待AcquireTokenAsync()); IUSER用户= activeDirectoryClient
。用户
。凡(X => x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name))
.ExecuteAsync()
。结果
。当前页面
.ToList()
.FirstOrDefault(); 如果(用户== NULL)
{
抛出新NotSupportedException异常(未知用户。);
} IEnumerable的<串GT;基团= user.GetMemberGroupsAsync(假).Result.ToList();
返回incomingPrincipal;
}
解决方案
我有同样的问题。我的code是根据文档改变后的工作
https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet
IUserFetcher retrievedUserFetcher =(用户)的用户;
IPagedCollection< IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync()结果。
做{
清单< IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
的foreach(IDirectoryObject directoryObject在directoryObjects){
如果(directoryObject是集团){
群组= directoryObject担任集团;
((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
新的索赔(ClaimTypes.Role,group.DisplayName,ClaimValueTypes.String,图形));
}
}
pagedCollection = pagedCollection.GetNextPageAsync()结果。
}而(pagedCollection = NULL&放大器;!&安培; pagedCollection.MorePagesAvailable);
I want to retrieve a User's Group information from Azure AD.
Using the following Graph API packages to achieve this
- Microsoft.Azure.ActiveDirectory.GraphClient
- Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810
I am able to successfully retrieve Users information from the Azure Graph API.
But when I run this method to retrieve a User's groups, Fiddler shows a successful HTTP 200 response with JSON fragment containing group information however the method itself does not return with the IEnumerable.
IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();
The code doesn't seem to return from this async request.
The resulting experience is blank page while the authentication pipeline gets stuck.
Full code
public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
if (!incomingPrincipal.Identity.IsAuthenticated == true &&
_authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name))
{
return base.Authenticate(resourceName, incomingPrincipal);
}
_authorizationService.AddClaimsToIdentity(((ClaimsIdentity) incomingPrincipal.Identity));
Claim tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim);
if (tenantClaim == null)
{
throw new NotSupportedException("Tenant claim not available, role authentication is not supported");
}
string tenantId = tenantClaim.Value;
string authority = String.Format(CultureInfo.InvariantCulture, _aadInstance, _tenant);
Uri servicePointUri = new Uri("https://graph.windows.net");
ClientCredential clientCredential = new ClientCredential(_clientId, _password);
AuthenticationContext authContext = new AuthenticationContext(authority, true);
AuthenticationResult result = authContext.AcquireToken(servicePointUri.ToString(), clientCredential);
Token = result.AccessToken;
ActiveDirectoryClient activeDirectoryClient =
new ActiveDirectoryClient(new Uri(servicePointUri, tenantId),
async () => await AcquireTokenAsync());
IUser user = activeDirectoryClient
.Users
.Where(x => x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name))
.ExecuteAsync()
.Result
.CurrentPage
.ToList()
.FirstOrDefault();
if (user == null)
{
throw new NotSupportedException("Unknown User.");
}
IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();
return incomingPrincipal;
}
解决方案
I have the same problem. My code is working after changing it according to documentation https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet
IUserFetcher retrievedUserFetcher = (User) user;
IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
do {
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects) {
if (directoryObject is Group) {
Group group = directoryObject as Group;
((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
new Claim(ClaimTypes.Role, group.DisplayName, ClaimValueTypes.String, "GRAPH"));
}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null && pagedCollection.MorePagesAvailable);
这篇关于Azure的ActiveDirectory的图形API GraphClient没有返回广告组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
