C#控制台应用程序AzureAD如何模仿Powershell的Get-AzureADUser [英] C# console app AzureAD how to mimic powershell's Get-AzureADUser

问题描述

是否有一种方法可以模拟powershell的Get-AzureADUser来读取给定用户上的AD属性，而不必注册我尝试使用Azure构建的C#控制台应用程序?

Is there a way to mimic powershell's Get-AzureADUser to read AD properties on given users without having to register the C# console app I am trying to build with Azure?

我知道您可以在C#中运行powershell，但我想知道是否可以通过其他途径来实现相同的目的而无需注册应用程序?

I know you can run powershell in C# but I am wondering if there is a different route I can take to achieve the same thing WITHOUT registering the app?

推荐答案

简短回答:否.您需要向Azure AD注册应用程序才能进行身份验证.

Short Answer: No. You will need to register an application with Azure AD to be able to authenticate.

更长的答案:

AFAIK Azure AD支持的所有OAuth 2.0授予身份验证都将需要有关用于进行身份验证调用的客户端(即已注册的应用程序)的一些信息.无论您使用ADAL库还是直接访问相关的令牌/授权端点，都是如此.

AFAIK all of the OAuth 2.0 grants for authentication supported by Azure AD will require some information about the client (i.e. registered application) that is being used to make the authentication call. This would be true whether you use ADAL Libraries or directly hit the relevant token/authorization endpoints.

您可能已经知道，但是值得一提的是，使用正确的权限进行身份验证/查询用户数据的最简单和推荐的方法是在Azure AD中注册应用程序.

You may already know but it's worth mentioning that the simplest and recommended way to do authentication/query user data with right privileges will be to register your application with Azure AD.

实际上，Azure AD的默认设置可以促进开发人员能够代表自己注册应用程序并同意应用程序的用例.在这里阅读..

In fact default setup for Azure AD, is such that it promotes the use case of developers being able to register applications and consent to applications on their own behalf. Read here.. Who has permission to add applications to my Azure AD instance? and at the end it mentions that Microsoft itself uses the same configuration internally.

全面披露:我知道一些非常有知识的人(Microsoft MVP，Microsoft Azure AD团队成员)会遵循azure-active-directory标记.因此，即使我认为这是正确的答案，您的问题仍然是等待更多的答案/评论以查看是否还有其他可能.

Full Disclosure: I know that some very knowledgeable people (Microsoft MVP's, Microsoft Azure AD team members) follow the azure-active-directory tag. So even though I think this is the right answer, your question is such that it would make sense to wait for more answers/comments to see if there is anything else possible.

可能的解决方法，如果它适合您的情况:

如果您只是由于没有特定Azure Active Directory租户的权限而不想注册应用程序，则可能有解决方法.

In case you don't want to register your application just because you don't have permissions to a specific Azure Active Directory tenant, there may be a workaround possible.

您仍然需要向其他Azure AD租户或Azure AD B2C注册应用程序，然后将您的应用程序设置为多租户.有关更多详细信息，请参见 此SO帖子 .

You would still need to register your application but with a different Azure AD tenant or with Azure AD B2C, and then make your application as a multi-tenant. See this SO post for more details.

这篇关于C#控制台应用程序AzureAD如何模仿Powershell的Get-AzureADUser的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！