调用AddUserAsync .NET Core 2.0时PlatformNotSupported异常 [英] PlatformNotSupported Exception when calling AddUserAsync .NET Core 2.0

问题描述

我正在尝试编写一些使用Graph API在Azure AD中创建用户的代码。我从网上开始有一个示例，但是现在在添加用户时，它在网上失败

I am trying to write some code that creates a user in Azure AD using the Graph API. I started w/ an example off the net, but right now it fails when adding the user, on the line

await adClient.Users.AddUserAsync （userGraphObj）；

在下面的 CreateUser（）方法中。我得到的错误是

In the CreateUser() method below. The error I get is

我正在使用.NET Core 2.0，并且在Windows 7上进行调试。谷歌搜索了一下，发现它们为2.0带来了序列化，但仅适用于特定类型。

I am using .NET Core 2.0, debugging on Windows 7. Googling around and I found that they brought serialization back for 2.0, but only for specific types.

我不在乎。如何在代码中将用户添加到Azure AD？

I don't really care. How can I add a user to Azure AD in code?

const String appClientID = "2be733f1-88c3-6482-8e2a-5e9631fc3a32";
const String tenant = "brazzers.onmicrosoft.com";
const String authString = "https://login.microsoftonline.com/" + tenant;
const String authClientSecret = "dDdaVGee315s65ewDSWEwfdw7wq5efDNO5C3cvN4RA";
const String resAzureGraphAPI = "https://graph.windows.net";
const String serviceRootURL = resAzureGraphAPI + appClientID;

private ActiveDirectoryClient GetAADClient()
{
    Uri serviceRoot = new Uri(serviceRootURL);
    ActiveDirectoryClient adClient = new ActiveDirectoryClient(
        serviceRoot, async () => await GetAppTokenAsync());
    return adClient;
}

private static async Task<String> GetAppTokenAsync()
{
    AuthenticationContext authenticationContext = new AuthenticationContext(authString, false);
    ClientCredential clientCred = new ClientCredential(appClientID, authClientSecret);
    AuthenticationResult authResult = await authenticationContext.AcquireTokenAsync(resAzureGraphAPI, clientCred);
    return authResult.AccessToken;
}

public async Task<IActionResult> CreateUser()
    {
        var adClient = GetAADClient();

        //Construct The User
        String userEmail = "TestUser@Brazzers.com";
        String mailNickname = userEmail.Split(new char[] { '@' }).FirstOrDefault();

        var userGraphObj = new Microsoft.Azure.ActiveDirectory.GraphClient.User()
        {
            GivenName = "Test",
            Surname = "User",
            Mobile = "13133124044",
            MailNickname = mailNickname,
            DisplayName = "Test User",
            AccountEnabled = true
        };

        await adClient.Users.AddUserAsync(userGraphObj);

        return Ok(tempPassword);

    }

推荐答案

Microsoft本身建议不要再使用Azure AD Graph API，而应使用Microsoft Graph API（请参见博客文章）。

Microsoft itself recommends not to use the Azure AD Graph API anymore, in favor of the Microsoft Graph API (cf blog post).

如果您对使用Azure AD API的要求不高，请按照以下步骤操作

If you don't have a strong requirement to use the Azure AD API, here are the steps to create a user via the latest API.

免责声明：

• 我从未管理过从桌面应用程序成功获取令牌


• 我还不太了解应该如何使用权限范围（这里似乎要使用URL，但在示例中通常是字符串列表，例如 User.ReadWrite.All 或 Directory.ReadWrite.All ）

• I never managed to successfully acquire a token from a desktop application
• I haven't really understood how the permissions scopes are supposed to be used (here it seems to want a URL, but in the examples it's usually a list of strings, such as User.ReadWrite.All or Directory.ReadWrite.All)

获取令牌的代码：

const String appClientID = "2be733f1-88c3-6482-8e2a-5e9631fc3a32";
const String tenant = "brazzers.onmicrosoft.com";
const String authString = "https://login.microsoftonline.com/" + tenant;
const String authClientSecret = "dDdaVGee315s65ewDSWEwfdw7wq5efDNO5C3cvN4RA";

public static GraphServiceClient GetAuthenticatedClient()
{
    var delegateAuthenticationProvider = new DelegateAuthenticationProvider(
        async (requestMessage) =>
        {
            var accessToken = await GetAppTokenAsync();
            requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken);
        }
    );

    return new GraphServiceClient(delegateAuthenticationProvider);
}

private static async Task<String> GetAppTokenAsync()
{
    // this doesn't work for desktop apps, 
    // and PublicClientApplication throws a NotImplementedException
    var cca = new ConfidentialClientApplication(
        appClientID,
        authString, 
        "http://www.example.com/", // no redirect
        new ClientCredential(authClientSecret),
        new TokenCache(),
        new TokenCache());

    var authResult = await cca.AcquireTokenForClientAsync(new[] { $"https://graph.microsoft.com/.default" });
    return authResult.AccessToken;
}

创建用户的代码（由样本）：

public async Task<User> CreateUser(GraphServiceClient graphClient)
{
    // This snippet gets the tenant domain from the Organization object to construct the user's email address.
    var organization = await graphClient.Organization.Request().GetAsync();
    var domain = organization.CurrentPage[0].VerifiedDomains.ElementAt(0).Name;

    // Add the user.
    var userEmail = "TestUser@" + domain;
    var mailNickname = userEmail.Split(new char[] { '@' }).FirstOrDefault();

    return await graphClient.Users.Request().AddAsync(new User
    {
        AccountEnabled = true,
        DisplayName = "Test User",
        MailNickname = mailNickname,
        PasswordProfile = new PasswordProfile
        {
            Password = "super_strong_password"
        },
        UserPrincipalName = userEmail
    });
}

这篇关于调用AddUserAsync .NET Core 2.0时PlatformNotSupported异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！