Deleting an Application's AppRole in Azure Active Directory
Problem description
Removing an AppRole from an Application’s manifest produces a 400 Bad Request with the error
Property value cannot be deleted unless it is disabled first.
When I set the isEnabled property to false and then hit save, I get a successful save with a 200 OK looking at the browser's developer tools:
After reloading the Edit manifest screen the isEnabled property is still true and if you look at the PUT response in the browser's developer tools, it's coming back as true there too.
How can I remove an appRole without having to delete and recreate the entire application?
I've raised the following bug.
Recommended answer
Until this gets fixed, there are two options to work around this issue:
Using Azure AD PowerShell, you can disable and then remove the app role. Here's a sample script that would achieve this:
$appId = "83d7d56d-6e64-4791-b8e8-9a8da8dd957e"
$appRoleValue = "app-role-value" # i.e. the scope
Connect-AzureAD
# Disable the AppRole
$app = Get-AzureADApplication -Filter "appId eq '$appId'"
($app.AppRoles | Where-Object { $_.Value -eq $appRoleValue }).IsEnabled = $false
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $app.AppRoles
# Remove the AppRole
$toRemove = $app.AppRoles | Where-Object { $_.Value -eq $appRoleValue }
$app.AppRoles.Remove($toRemove) | Out-Null
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $app.AppRoles
An alternative option is to use the Azure AD Graph Explorer and issue two PATCH requests on the Application object. The first PATCH request should set the app role's isEnabled attribute to false. The second PATCH request can then remove the app role (i.e. include all existing app roles except the disabled one).
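The two PATCH bodies described above can be generated from the application's current appRoles collection. The following is an added example, not part of the original answer: the function name New-AppRoleRemovalPatches and the sample manifest (role names and ids) are constructed for illustration, and it only builds the JSON without sending any request.

```powershell
function New-AppRoleRemovalPatches {
    param(
        [Parameter(Mandatory)] [string] $ManifestJson,  # JSON containing an appRoles array
        [Parameter(Mandatory)] [string] $RoleValue      # the "value" of the role to remove
    )

    $roles  = @((ConvertFrom-Json $ManifestJson).appRoles)
    $target = @($roles | Where-Object { $_.value -eq $RoleValue })

    # Refuse to guess: a missing or duplicated value would remove nothing or the wrong role.
    if ($target.Count -ne 1) {
        throw "Expected exactly one app role with value '$RoleValue', found $($target.Count)."
    }

    # PATCH 1: the full collection, with only the target role disabled.
    $target[0].isEnabled = $false
    $disable = @{ appRoles = $roles } | ConvertTo-Json -Depth 5

    # PATCH 2: the full collection minus the now-disabled role.
    # @() keeps the result an array, so an empty list serializes as [].
    $remaining = @($roles | Where-Object { $_.value -ne $RoleValue })
    $remove = @{ appRoles = $remaining } | ConvertTo-Json -Depth 5

    [pscustomobject]@{ Disable = $disable; Remove = $remove }
}

# Constructed sample manifest fragment (ids are placeholders, not real role ids).
$sample = @'
{ "appRoles": [
  { "allowedMemberTypes": ["User"], "description": "Read access", "displayName": "Reader",
    "id": "00000000-0000-0000-0000-000000000001", "isEnabled": true, "value": "reader" },
  { "allowedMemberTypes": ["User"], "description": "Role to retire", "displayName": "Old role",
    "id": "00000000-0000-0000-0000-000000000002", "isEnabled": true, "value": "app-role-value" }
] }
'@

$patches = New-AppRoleRemovalPatches -ManifestJson $sample -RoleValue 'app-role-value'
$patches.Disable   # body for the first PATCH (role still present, isEnabled = false)
$patches.Remove    # body for the second PATCH (role omitted)
```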