如何在Graph Api中使用appRoleAssignment [英] How to use appRoleAssignment in Graph Api

问题描述

我正在尝试利用beta api将Azure用户分配给应用程序.

I'm trying to leverage the beta api for assigning azure users to applications.

我查看了文档，并使用HttpClient和WebClient在C#控制台应用程序中尝试了多种尝试，但均未成功.然后，我去了Microsoft图浏览器 https://developer.microsoft.com/en -us/graph/graph-explorer .我无法使它正常工作.

I looked at the documentation and tried a variety of attempts in a C# console app using HttpClient and WebClient and couldn't succeed. I then went to the Microsoft graph explorer https://developer.microsoft.com/en-us/graph/graph-explorer . I couldn't get it to work.

我看了看文档 https://developer.microsoft.com/en -us/graph/docs/api-reference/beta/api/approleassignment_get

该文档的HTTP请求的实际文档与示例不匹配. Graph Explorer似乎暗示该示例是正确的，但是通过各种尝试，我只能得到

The document's actual documentation of the HTTP request which doesn't match the Example. The Graph Explorer seems to hint that the example is correct, but through various attempts, I can only get a response of

{
    "error": {
        "code": "Request_UnsupportedQuery",
        "message": "Direct queries to this resource type are not supported.",
        ...
    }
}

我的基本网址是 https://graph.microsoft.com/beta/appRoleAssignments/

该示例显示{id}，但我不知道要输入什么.我输入了几个guid，用户ID，对象ID，资源ID，但没有一个起作用.

The example says {id} but I have no idea what to put in. I put in several guids, user ids, object ids, resource ids, and none worked.

这并不是说有任何拒绝访问的消息，因此我认为它与Scopes无关(尽管与此同时文档也有些空白).

It isn't saying any access denied messages so I assume it has nothing to do with Scopes (all though the documentation is a little empty regarding that as well).

理想情况下，我可以查看给定的Guest Azure用户是否有权访问特定的应用程序，然后可以去更新作业.我可能还需要删除作业.

Ideally, I'd be able to see if for a given Guest Azure User has access to a particular App, then I'd be able to go and Update the assignment. I'll probably also need to delete the assignment as well.

推荐答案

Microsoft Graph API的beta终结点当前不允许您列出AppRoleAssignments. 幸运的是，

It looks like the Microsoft Graph API's beta endpoint doesn't currently allow you to list AppRoleAssignments. Fortunately, the Azure AD Graph API does work for this (plus, it's not a beta endpoint, so it's more likely to be stable).

要列出分配给用户的所有应用程序角色(使用Azure AD Graph和Microsoft Graph(测试版)):

To list all app roles a user is assigned (with Azure AD Graph and Microsoft Graph (beta)):

   https://graph.windows.net/{tenant-id}/users/{id}/appRoleAssignments?api-version=1.6
   https://graph.microsoft.com/beta/users/{id}/appRoleAssignments

要列出分配了组的所有应用角色，请执行以下操作:

To list all app roles a group is assigned:

   https://graph.windows.net/{tenant-id}/groups/{id}/appRoleAssignments?api-version=1.6
   https://graph.microsoft.com/beta/groups/{id}/appRoleAssignments

相反，并列出分配给应用程序的所有用户或组:

To do the reverse, and list all users or groups assigned to an app:

   https://graph.windows.net/{tenant-id}/servicePrincipals/{id}/appRoleAssignedTo?api-version=1.6
   https://graph.microsoft.com/beta/servicePrincipals/{id}/appRoleAssignedTo

这篇关于如何在Graph Api中使用appRoleAssignment的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！