身份验证用户的Azure Active Directory组 [英] Azure Active Directory Groups for Authenticated User

问题描述

我有一个带有重定向登录的简单C#/MVC 5 Azure应用，我试图简单地获取经过身份验证的用户所属的Azure Active Directory组.

I have a simple C#/MVC 5 Azure app with a redirect sign-on and I am trying to simply get the Azure Active Directory Groups to which my authenticated User belongs.

我花了很多时间浏览所有与以下内容相关的相互冲突的教程和MSDN内容: AAD组，声明，图形API，Azure门户应用注册等...

I am having a devil of a time navigating all the various conflicting tutorials and MSDN content relating to:  AAD Groups, Claims, Graph API, Azure Portal App Registration, etc...

我要做的就是遍历他们所属的用户组.

All I want to do is loop through a User's Groups that they are a member of.

有人对如何做到这一点有一个简洁明了的解释(没有各种额外的角色/索赔内容)?

Does anyone have a clean, simple explanation of how to do only this (without all kinds of extra Role/Claims stuff)?

是否必须将我的Azure应用转换为门户中的已注册Azure应用?

Does my Azure App have to be converted into a Registered Azure Application in the portal in order to be able to do this?

似乎很难解决...

此电话:
https://graph.windows.net/myorganization/groups/{object_id}/$ links/members?api-version

This call:
https://graph.windows.net/myorganization/groups/{object_id}/$links/members?api-version

生成缺少或格式错误的访问令牌.

produces an Access Token missing or malformed.

然后有人说我需要从其他地方发送令牌...

Then somewhere people say I need to send a token from somewhere else...

推荐答案

您是否尝试过/memberOf端点?

Have you tried the /memberOf endpoint?

https://graph.microsoft.com/v1.0/users/user@domain.com/memberOf

这篇关于身份验证用户的Azure Active Directory组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！