如何使用 Azure SDK 创建应用注册 [英] How to create app registration using Azure SDK
问题描述
我需要使用 Azure SDK(或使用 rest api 调用,如果 SDK 无法实现)在 Azure AD 中创建应用注册
通常您使用门户手动执行此操作:
或调用 Azure CLI 命令az ad app create
我怎样才能从 SDK 或 REST 服务中做到这一点
有两种可能的方法来做到这一点.您可以根据自己的场景选择有效的方法.
Microsoft Graph API Beta 端点
另请注意,由于目前此功能处于测试阶段,您将无法使用
您可以使用 Azure AD Graph API 和应用程序实体.POST 操作可以帮助您创建应用程序.
POST https://graph.windows.net/{tenant-id}/applications?api-version=1.6阅读详细信息:应用程序实体 - Azure AD Graph API
您可以选择直接调用此 API 或使用 Azure AD 图形客户端库
这是一个快速而肮脏的示例代码 (C#),用于创建 Azure AD 应用程序
请注意,我将 app.PublicClient 标志保留为 true 以注册为本机应用程序.如果要将其注册为 Web 应用程序,可以将其设置为 false.
设置:我在 Azure AD 中注册了一个应用程序,该应用程序具有应用程序权限所需的权限 - 读取和写入所有应用程序并为此应用程序授予权限.现在使用此应用程序的客户端 ID 和客户端密码,获取令牌并调用 Azure AD Graph API 来创建应用程序.使用应用程序权限不是强制性的,您也可以通过提示用户输入凭据来使用委派权限.请参阅两个更详细示例的链接(旧示例但仍然有用).
使用系统;使用 System.Collections.Generic;使用 System.Linq;使用 System.Text;使用 System.Threading.Tasks;使用 Microsoft.Azure.ActiveDirectory.GraphClient;使用 Microsoft.IdentityModel.Clients.ActiveDirectory;命名空间 CreateAzureADApplication{课堂节目{静态无效主要(字符串 [] 参数){ActiveDirectoryClient 目录客户端;ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(new Uri("https://graph.windows.net/{yourAADGUID}"),异步()=>等待 GetTokenForApplication());应用程序 = 新应用程序();app.DisplayName = "我的 Azure AD 原生应用";app.PublicClient = true;app.Homepage = "https://myazureadnativeapp";activeDirectoryClient.Applications.AddApplicationAsync(app).GetAwaiter().GetResult();}公共静态异步任务<字符串>GetTokenForApplication(){AuthenticationContext authenticationContext = new AuthenticationContext("https://login.microsoftonline.com/{yourAADGUID}",错误的);//OAuth 客户端凭据的配置ClientCredential clientCred = new ClientCredential("yourappclientId",你的应用客户端秘密");AuthenticationResult authenticationResult =等待 authenticationContext.AcquireTokenAsync("https://graph.windows.net", clientCred);返回 authenticationResult.AccessToken;}}}
I need to create an app registration with Azure AD using Azure SDK (or using rest api call, if it's not possible with SDK)
normally you do it manually using portal:
or calling Azure CLI command az ad app create
How can I do it from SDK or REST service
There are 2 possible ways to do this. You can pick what works based on your scenario.
Microsoft Graph API Beta Endpoint
Microsoft Graph API Beta endpoint and working with Application resource (as answered by Jean-Marc Prieur earlier too).
POST https://graph.microsoft.com/beta/applicationsNOTE: This would work but caveat being it's a beta endpoint. So if you're doing this for testing/learning that's fine but if you plan to use it for production application code it would not be recommended.
See Microsoft Graph beta endpoint documentation itself to see Microsoft's recommendation.
Also note that since currently this functionality is in Beta, you won't be able to use the Microsoft Graph .NET Client Library, but once it's released for general availability, even Client Library will probably be refreshed to support these operations. See this SO post by Marc LaFleur with similar context.
Azure AD Graph API
Azure AD Graph API which is an older API and Microsoft Graph API is newer and recommended one for any operations possible. Your case just happens to be one where Microsoft Graph API stable version (v1.0) has not caught up yet and that functionality is only available in beta, hence for production version code you should still use older Azure AD Graph API or it's client library. Read about comparisons and special use cases here
You can use Azure AD Graph API and Application entity. POST operation can help you create an application.
POST https://graph.windows.net/{tenant-id}/applications?api-version=1.6Read about the details: Application Entity - Azure AD Graph API
You can choose to call this API directly or make use of Azure AD Graph Client Library
Here is a quick and dirty sample code (C#) to create an Azure AD application
Notice that I've kept app.PublicClient flag as true to register as a native application. You can set it to false if you want to register it as a web application.
Setup: I have an application registered in Azure AD, which has required permissions as application permission - Read and Write all applications and grant permissions is done for this app. Now using this application's client id and client secret, a token is acquired and Azure AD Graph API is called to create an application. It is not mandatory to use application permissions, you can also use delegated permissions by prompting user for credentials. See links to two more detailed examples (old ones but still useful).
Azure AD Graph Client Library 2.0 Announcement page
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Threading.Tasks; using Microsoft.Azure.ActiveDirectory.GraphClient; using Microsoft.IdentityModel.Clients.ActiveDirectory; namespace CreateAzureADApplication { class Program { static void Main(string[] args) { ActiveDirectoryClient directoryClient; ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(new Uri("https://graph.windows.net/{yourAADGUID}"), async () => await GetTokenForApplication()); Application app = new Application(); app.DisplayName = "My Azure AD Native App"; app.PublicClient = true; app.Homepage = "https://myazureadnativeapp"; activeDirectoryClient.Applications.AddApplicationAsync(app).GetAwaiter().GetResult(); } public static async Task<string> GetTokenForApplication() { AuthenticationContext authenticationContext = new AuthenticationContext( "https://login.microsoftonline.com/{yourAADGUID}", false); // Configuration for OAuth client credentials ClientCredential clientCred = new ClientCredential("yourappclientId", "yourappclientsecret" ); AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync("https://graph.windows.net", clientCred); return authenticationResult.AccessToken; } } }
这篇关于如何使用 Azure SDK 创建应用注册的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
