使用http发布请求在具有Graph API的Azure Active Directory（B2C）中创建新用户 [英] Create a new user in Azure Active Directory (B2C) with Graph API, using http post request

问题描述

我以前一直使用Active Directory身份验证库（ADAL）以编程方式添加用户，但是现在我需要定义 signInNames（=用户电子邮件），而ADAL似乎不可行（请告诉我是否我错了）。

I have previously been adding users programmatically using Active Directory Authentication Library (ADAL), but now I need to define "signInNames" (= users email), and that doesn't seem to be possible with ADAL (please tell me if im wrong).

现在，我正尝试使用HTTP POST，按照有关MSDN的文档。

Now I'm trying to add a new user (local account) programmatically using HTTP POST, following the documentation on MSDN.

//Get access token (using ADAL)
var authenticationContext = new AuthenticationContext(AuthString, false);
var clientCred = new ClientCredential(ClientId, ClientSecret);
var authenticationResult = authenticationContext.AcquireTokenAsync(ResourceUrl, clientCred);
var token = authenticationResult.Result.AccessToken;


//HTTP POST CODE
const string mail = "new@email.com";
// Create a new user object.
var user = new CustomUser
{
    accountEnabled = true,
    country = "MS",
    creationType = "LocalAccount",
    displayName = mail,
    passwordPolicies = "DisablePasswordExpiration,DisableStrongPassword",
    passwordProfile = new passwordProfile { password = "jVPmEm)6Bh", forceChangePasswordNextLogin = true },
    signInNames = new signInNames { type = "emailAddress", value = mail }
};

var url = "https://graph.windows.net/" + TenantId + "/users?api-version=1.6";

var jsonObject = JsonConvert.SerializeObject(user);

using (var client = new HttpClient())
{
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

    var response = client.PostAsync(url,
        new StringContent(JsonConvert.SerializeObject(user).ToString(),
            Encoding.UTF8, "application/json"))
            .Result;

    if (response.IsSuccessStatusCode)
    {
        dynamic content = JsonConvert.DeserializeObject(
            response.Content.ReadAsStringAsync()
            .Result);

        // Access variables from the returned JSON object
        var appHref = content.links.applications.href;
    }
}

但是我没有成功，得到以下答复： / p>

But i have no success, getting this response:

{StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content:....}

任何想法我应该怎么做？我成功使用了Powershell脚本，但是我需要在C＃应用程序中执行此操作。

Any ideas what i should do? I succeeded using Powershell-script, but I need to do this in my C# app.

推荐答案

感谢您的回复费雪，我相信自己拥有正确的权限。我为解决我的问题所做的工作。

Thank you for your response Fei Xue, i believe i had the right permissions. What i did to solvem my problem.

首先，我删除了自己的自定义类 NewUser，然后下载了此示例项目： https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet/blob/master/ B2CGraphClient / B2CGraphClient.cs 来消除我的代码错误的风险。我对其进行了修改以满足我的需求，然后创建了一个简单的JObject：

First off i removed my own custom class "NewUser", then i downloaded this sample-project: https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet/blob/master/B2CGraphClient/B2CGraphClient.cs to eliminate the risk that my code was wrong. I modified it to support my needs, then i created a simple JObject:

var jsonObject = new JObject
                        {
                            {"accountEnabled", true},
                            {"country", customer.CustomerBase.Company},
                            {"creationType", "LocalAccount"},
                            {"displayName", pendingCustomer.Email.Trim()},
                            {"passwordPolicies", "DisablePasswordExpiration,DisableStrongPassword"},
                            {"passwordProfile", new JObject
                            {
                                {"password", pwd},
                                {"forceChangePasswordNextLogin", true}
                            } },
                            {"signInNames", new JArray
                                {
                                    new JObject
                                    {
                                        {"value", pendingCustomer.Email.Trim()},
                                        {"type", "emailAddress"}
                                    }
                                }
                            }
                        };

client = new B2CGraphClient(ClientId, ClientSecret, TenantId);
var response = await client.CreateUser(jsonObject.ToString());
var newUser = JsonConvert.DeserializeObject<User>(response);

来自B2CGraphClient.cs

From B2CGraphClient.cs

        private async Task<string> SendGraphPostRequest(string api, string json)
    {
        // NOTE: This client uses ADAL v2, not ADAL v4
        var result = authContext.AcquireToken(Globals.aadGraphResourceId, credential);
        var http = new HttpClient();
        var url = Globals.aadGraphEndpoint + tenant + api + "?" + Globals.aadGraphVersion;

        var request = new HttpRequestMessage(HttpMethod.Post, url);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        request.Content = new StringContent(json, Encoding.UTF8, "application/json");
        var response = await http.SendAsync(request);

        if (!response.IsSuccessStatusCode)
        {
            var error = await response.Content.ReadAsStringAsync();
            var formatted = JsonConvert.DeserializeObject(error);
            //Console.WriteLine("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
            Logger.Error("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
        }
        Logger.Info((int)response.StatusCode + ": " + response.ReasonPhrase);

        return await response.Content.ReadAsStringAsync();
    }

这终于解决了我所有的问题，这可能是格式错误我的NewCustomer-class的序列化，然后被API拒绝。

This finally solved all my problems, it was probably an format-error in the serialization of my NewCustomer-class, which then got rejected by the API.

这篇关于使用http发布请求在具有Graph API的Azure Active Directory（B2C）中创建新用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！