C# MVC and MS Graph questions


Problem description


Got a bit of a dilemma here.

I have a C# MVC app (connected to SharePoint) and I need to find a way to retrieve users from Azure Active Directory (SharePoint does not provide a people picker for this type of add-in).

What I want to achieve -> A search box; on button click it searches AD for the user email or name (probably email) and then it should return a JSON containing the Azure AD user id and display name.

I thought about using MS Graph to do that, but I didn't find a good tutorial to implement Graph calls into MVC. PLUS! I'd like a way that doesn't require users to do anything but click the search button (so preferably no auth token for user, no Graph app login or such things).

Is this possible? I would even do it in JS since it will be a rather "closed" application, but the way they documented the Graph implementation makes me cry.... (so...yeah...pls don't point me to the MS Graph implementation doc, it's awful).

Any help would be appreciated, thanks.

Solution

Dante

Based on your question and the comments you posted, I think maybe you want to use Microsoft Graph to get the user id and display name by the email, and you want to do it without the user logging in and consenting to the app. If I misunderstood your question, please feel free to let me know.

My initial suggestion is that you can try to get an AccessToken without a user.

According to this reference we can get an AccessToken by some background services or daemons.

Based on my test, we can try the following steps:
1. Get administrator consent:

    // OWIN OpenID Connect middleware: the sign-in used for the admin consent step.
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        RedirectUri = redirectUri,
        PostLogoutRedirectUri = redirectUri,
        Scope = "openid profile",
        ResponseType = "id_token",
        // ValidateIssuer = false accepts tokens from any tenant at this point;
        // check the issuer/tenant in the SecurityTokenValidated handler.
        TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, NameClaimType = "name" },
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = this.OnAuthenticationFailedAsync,
            SecurityTokenValidated = this.OnSecurityTokenValidatedAsync
        }
    });

    // App-only (client credentials) token: no signed-in user is involved.
    ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(
        Startup.clientId, string.Format(AuthorityFormat, tenantId), Startup.redirectUri,
        new ClientCredential(Startup.clientSecret), null, appTokenCache.GetMsalCacheInstance());

    AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(new[] { MSGraphScope });

2. We can get the user by the email from the URL: https://graph.microsoft.com/v1.0/users/{email address}. For example, https://graph.microsoft.com/v1.0/users/xxx.outlook.com

For more details, we can refer to the v2.0 daemon sample on GitHub.
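
The search action the question asks for, built on the app-only token from the answer, as an added example (not code from the original post or from the Microsoft sample). The controller name, the `GetAppTokenAsync` hook and the `Find` action are hypothetical; it assumes ASP.NET MVC 5, Newtonsoft.Json and an app registration that has been granted an application permission to read users. Graph matches the path segment against the user's id or userPrincipalName, so the lookup works where the sign-in name equals the e-mail address.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Mail;
using System.Threading.Tasks;
using System.Web.Mvc;
using Newtonsoft.Json.Linq;

[Authorize] // the app-only token can read the whole directory, so gate who may call this
public class UserSearchController : Controller
{
    private static readonly HttpClient Http = new HttpClient();
    // Hypothetical hook: returns authResult.AccessToken from AcquireTokenForClientAsync.
    public static Func<Task<string>> GetAppTokenAsync;

    // Accept only a bare address and escape it, so '/', '?' or '#' in the
    // search box cannot change the Graph request path or query.
    public static Uri BuildUserUri(string email)
    {
        if (string.IsNullOrWhiteSpace(email) || email.Length > 254) return null;
        try { if (new MailAddress(email).Address != email) return null; }
        catch (FormatException) { return null; }
        return new Uri("https://graph.microsoft.com/v1.0/users/"
                       + Uri.EscapeDataString(email) + "?$select=id,displayName");
    }

    [HttpGet]
    public async Task<ActionResult> Find(string email)
    {
        Uri uri = BuildUserUri(email);
        if (uri == null) return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        var request = new HttpRequestMessage(HttpMethod.Get, uri);
        // The token stays on the server; the browser only receives the JSON below.
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", await GetAppTokenAsync());
        using (HttpResponseMessage response = await Http.SendAsync(request))
        {
            if (response.StatusCode == HttpStatusCode.NotFound) return HttpNotFound();
            if (!response.IsSuccessStatusCode)
                return new HttpStatusCodeResult(HttpStatusCode.BadGateway);
            JObject user = JObject.Parse(await response.Content.ReadAsStringAsync());
            // Return only the two fields the search box needs.
            return Json(new { id = (string)user["id"],
                              displayName = (string)user["displayName"] },
                        JsonRequestBehavior.AllowGet);
        }
    }
}
```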
