使用.NET Core(API和HTTP)创建Azure AD应用程序和服务主体 [英] Creating Azure AD application and a service principal using .NET Core (the API and HTTP)

问题描述

继续执行我的以编程方式创建和Azure应用程序的任务(此操作从 https://stackoverflow.com/a/44753728/1332416开始)，我的内核按如下方式获取subscriptionID和tenantId，但是我不知所措，因为我该如何在本地创建应用程序及其相关的服务主体.在PowerShell的情况下，基本上是使用New-AzureRmADApplication和New-AzureRmADServicePrincipal的地方.在 https://stackoverflow.com/a/44631758/1332416 中可以部分回答此问题，但它看起来像.NET核心可能是这里出现某些问题的原因，因为找不到类型.

To continue my quest to programmatically create and Azure application (this continues from https://stackoverflow.com/a/44753728/1332416), I have core that acquires a subscriptionID and a tenantId as follows, but I'm at loss as how could I create an application and its associated service principal locally. This is basically where New-AzureRmADApplication and New-AzureRmADServicePrincipal would be used in case of PowerShell. This question is partially answered at https://stackoverflow.com/a/44631758/1332416, but it looks like .NET Core may be the cause of some problems here as the types aren't to be found.

更具体地说，我有如下代码

To be more concrete, I have code as follows to

string resource = "https://management.core.windows.net/";
string clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
string userName = "<replace>";
string password = "<replace>";
string apiVersion = "2016-06-01";

using(var client = new HttpClient())
{
    client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
    string tokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
    var body = $"resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}";
    var stringContent = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded");
    var response = await client.PostAsync(tokenEndpoint, stringContent).ConfigureAwait(false);
    var result = await response.Content.ReadAsStringAsync().ConfigureAwait(false);

    JObject jobject = JObject.Parse(result);
    var token = jobject["access_token"].Value<string>();

    client.DefaultRequestHeaders.Add("Authorization", $"bearer {token}");
    var subcriptions = await client.GetStringAsync($"https://management.azure.com/subscriptions?api-version={apiVersion}").ConfigureAwait(false);
    var tenants = await client.GetStringAsync($"https://management.azure.com/tenants?api-version={apiVersion}").ConfigureAwait(false);
    Console.WriteLine(subcriptions);
    Console.WriteLine(tenants);

    //We have the SubscriptionID, TenantId and the token to
    //the subscription here. How to do New-AzureRmADApplication and New-AzureRmADServicePrincipal with the application ID here? Specifically I'm considering to use a certificate thumbrint if it matters.
    //var subscription = "... from subscriptions...";
    //var tenantId = "... from tenants...";
}

推荐答案

您可以获取访问令牌并调用Azure AD Graph API来创建应用程序和服务主体. (尽管仅通过beta端点，Microsoft Graph API也允许它)

You can acquire an access token and call Azure AD Graph API to create the application and service principal. (Microsoft Graph API also allows it, though only through the beta endpoint)

您可以在此处找到应用程序实体文档:

You can find the application entity documentation here: https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#application-entity

要获取令牌，您的应用将需要具有在Azure AD中为Azure AD Graph API授予的必要的委派/应用权限.

To acquire the token, your app will need to have the necessary delegated/app permissions granted in Azure AD for Azure AD Graph API.

然后，当您获得令牌时，请使用https://graph.windows.net作为资源.

Then when you get the token, use https://graph.windows.net as the resource.

然后，您应该可以使用这样的正文发布到https://graph.windows.net/tenant-id/applications?api-version=1.6:

Then you should be able to POST to https://graph.windows.net/tenant-id/applications?api-version=1.6 with a body like this:

{
  "displayName":"Test app",
  "identifierUris": [
    "https://mytenant.onmicrosoft.com/testapp"
  ],
  "homePage":"http://localhost"
}

在网址中

用您的租户ID替换 tenant-id .

这是创建的应用程序，在响应中，您将获得创建的应用程序.

That's the application created, in the response you will get the created app.

从中获取appId字段，您将需要它来创建服务主体.

Grab the appId field from it, you will need it to create the service principal.

然后使用以下正文进行POST到:https://graph.windows.net/tenant-id/servicePrincipals?api-version=1.6:

Then make a POST to: https://graph.windows.net/tenant-id/servicePrincipals?api-version=1.6 with a body like this:

{
  "appId":"eb167a6d-aaaa-aaaa-aaaa-46e981be37fa"
}

这将创建相应的服务主体.

And that should create the corresponding service principal.

这篇关于使用.NET Core(API和HTTP)创建Azure AD应用程序和服务主体的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！