验证 Azure Active Directory 中是否存在用户帐户 [英] Verify if user account exists in Azure Active Directory
问题描述
我需要按照一些业务规则从 ASP.NET Core 2 应用程序向用户发送电子邮件.但是,我需要确保发送电子邮件的帐户确实存在(由于某种原因,该帐户可能不再有效).客户正在使用 Azure Active Directory,因此我需要以某种方式查询 AAD,以便让我知道该帐户是否存在.
I need to send an email to users from an ASP.NET Core 2 application, following some business rules. However, I need to ensure that the account the email is being sent to actually exists (for some reason, it may be that the account stopped being valid). The customer is using Azure Active Directory, so I need to query AAD somehow so it lets me know whether the account exists or not.
到目前为止,我一直在寻找 Microsoft Graph 作为实现此目的的一种方法,但是到目前为止我看到的每个示例都需要事先进行身份验证并使用委托身份验证机制.我不希望我的用户必须进行身份验证,也不想提示身份验证屏幕.
So far I have been looking for Microsoft Graph as a way to do this, however every example I have seen so far requires prior authentication and use a delegate authentication mechanism. I don't want my users having to authenticate nor to prompt the authentication screen.
鉴于这种情况,您建议使用什么?如果你也可以给我举个例子,那就太好了.谢谢!
Given this situation, what would you recommend using? If you can also point me to an example, that would be great. Thanks!
推荐答案
您实际上不需要像在当前代码中那样为每个无效用户抛出/捕获异常.出于其他原因,我一般不反对异常处理,但要查看用户是否存在,您可以尝试使用 Filter.
You don't really need to throw/catch exception for every invalid user as you're doing in current code. I have nothing against exception handling in general for other reasons but to see if the user exists or not you can try using Filter.
所以你的图形查询可能看起来像 -
So your graph query could look like -
https://graph.microsoft.com/v1.0/users?$filter=startswith(userPrincipalName,'someuser@mytenant.onmicrosoft.com')
我在这里展示了 startswith 因为 eq 在快速试用中对我不起作用.虽然我会推荐两件事:
I have shown startswith here becuase eq didn't work for me in a quick trial. Although I would recommend two things:
- 在此处查看有关过滤器的 Microsoft 文档,了解最适合您的要求的方法 - 使用查询参数通过 Microsoft Graph 自定义响应
- 在 Microsoft Graph Explorer 非常简单易用.
- Go through Microsoft documentation on Filters here and see what works best for your requirements - Use query parameters to customize responses with Microsoft Graph
- Play a little bit with different queries in Microsoft Graph Explorer it's very simple and easy to use.
这是您的代码的修改版本.
Here is a modified version for your code.
请注意,我正在检查集合计数是否大于 0,而不是检查它是否为空,因为即使在未找到用户的情况下,我的测试运行的 UsersCollectionPage 也不为空.
Note that I'm checking for the collection count to be > 0 and not checking for it to be null, as even in case user is not found the UsersCollectionPage was not null for my test run.
using Microsoft.Identity.Client;
using Microsoft.Graph.Auth;
using Microsoft.Graph;
...
private async Task<bool> ValidateAccounts(string accounts) {
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create("clientId here")
.WithTenantId("tokenId here")
.WithClientSecret("secret here")
.Build();
var authProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authProvider);
var valid = true;
try {
foreach (var account in accounts.Split(';')) {
var user = await graphClient.Users.Request().Filter("startswith(userPrincipalName, '" + account + "')").GetAsync();
if (user.Count <= 0) {
valid = false;
break;
}
}
} catch (ServiceException ex) {
valid = false;
}
return valid;
}
附带说明,我不确定您的要求,但您可以通过在单个查询中组合多个用户名然后检查结果计数或其他属性来获得创意.您可以在多个条件之间使用 or 或可能使用 any 运算符.不过我还没有真正尝试过.
On a side note, I'm not not sure of your requirements but you could probably get creative by combining multiple user names in single query and then checking for result counts or other propertes. You could use or between multiple criteria or probably use any operator. I haven't really tried this out though.
这篇关于验证 Azure Active Directory 中是否存在用户帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
