How to check if a user that is in Azure Active Directory belongs to a specific group membership?


Question

I was able to query the active directory on Azure and bring the user information such as name, country, department, ... etc.

However, I would like to know the group that the user who logged in belongs to. The function that I am using to bring a user's info is like the following:

using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.Azure.ActiveDirectory.GraphClient;

public IUser GetUserData()
{
    // Tenant and user object IDs are taken from the signed-in user's claims
    string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

    // graphResourceId is the Azure AD Graph endpoint; appending the tenant ID selects the directory
    Uri servicePointUri = new Uri(graphResourceId);
    Uri serviceRoot = new Uri(servicePointUri, tenantID);
    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
            async () => await GetTokenForApplication());

    // use the token for querying the graph to get the user details
    IUser user = activeDirectoryClient.Users
        .Where(u => u.ObjectId.Equals(userObjectID))
        .ExecuteAsync().Result.CurrentPage.ToList().First();

    return user;
}

I tried to use the 'activeDirectoryClient' variable that is inside the GetUserData method to check if a user is a member of a group like the following:

bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value; 

However, it didn't work!!

I also found this solution here, took it, and customized it like the following:

public async Task<IList<String>> GetGroups(IUser user)
{
    IList<String> groupMembership = new List<String>();

    // IUserFetcher exposes the user's navigation properties such as MemberOf
    var userFetcher = (IUserFetcher)user;

    // MemberOf is paged; walk every page and collect the group names
    IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
    do
    {
        List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
        foreach (IDirectoryObject directoryObject in directoryObjects)
        {
            // MemberOf can also contain directory roles, so keep only groups
            if (directoryObject is Group)
            {
                var group = directoryObject as Group;
                groupMembership.Add(group.DisplayName);
                test.Text += group.DisplayName; // 'test' is a UI control on the page
            }
        }
        pagedCollection = await pagedCollection.GetNextPageAsync();
    } while (pagedCollection != null);

    return groupMembership;
}

I am using global variables that are stored in my web.config file:

private static string clientId = ConfigurationManager.AppSettings["ida:ClientID"];
private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string graphResourceId = "https://graph.windows.net";

How can I check if 'user' has a group called 'group1'?

Thanks!

Answer

Try using IUserFetcher.MemberOf.

ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
        async () => await GetTokenForApplication());

IList<string> groupMembership = new List<string>();
IUser user = activeDirectoryClient.Users.Where(u => u.ObjectId.Equals(userObjectID)).ExecuteAsync().Result.CurrentPage.ToList().First();

// IUserFetcher gives access to the MemberOf navigation property
var userFetcher = (IUserFetcher)user;

// MemberOf is paged; walk every page and collect the group names
IPagedCollection<IDirectoryObject> pagedCollection = userFetcher.MemberOf.ExecuteAsync().Result;
do
{
    List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
    foreach (IDirectoryObject directoryObject in directoryObjects)
    {
        // MemberOf can also contain directory roles, so keep only groups
        if (directoryObject is Group)
        {
            var group = directoryObject as Group;
            groupMembership.Add(group.DisplayName);
        }
    }
    pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null);
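
The answer above collects display names, but an authorization decision should compare group object IDs: display names are not unique within a tenant, and the Graph API's isMemberOf function and the MemberOf collection identify groups by object ID, which is why passing the literal name "group1" did not work. The following is an added example, not code from the asker or the answerer; it uses the same Microsoft.Azure.ActiveDirectory.GraphClient library as the question, and the class and method names (GroupMembershipCheck, IsDirectMemberAsync, ResolveGroupIdsAsync) are my own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// Hypothetical helper (not part of the Graph client library or the original post).
public static class GroupMembershipCheck
{
    // True when the user is a DIRECT member of the group with the given object ID.
    // MemberOf lists direct memberships only; membership through nested groups is
    // not reported here, so do not rely on this for transitive checks.
    public static async Task<bool> IsDirectMemberAsync(IUser user, string groupObjectId)
    {
        if (user == null) throw new ArgumentNullException("user");
        if (string.IsNullOrWhiteSpace(groupObjectId)) throw new ArgumentException("groupObjectId is required");

        var userFetcher = (IUserFetcher)user;
        IPagedCollection<IDirectoryObject> page = await userFetcher.MemberOf.ExecuteAsync();

        // Walk every page; GetNextPageAsync returns null when there are no more pages.
        while (page != null)
        {
            foreach (IDirectoryObject obj in page.CurrentPage)
            {
                // MemberOf can also contain directory roles; only groups are of interest.
                var group = obj as Group;
                if (group != null &&
                    string.Equals(group.ObjectId, groupObjectId, StringComparison.OrdinalIgnoreCase))
                {
                    return true;
                }
            }
            page = await page.GetNextPageAsync();
        }
        return false;
    }

    // Resolve a display name to object IDs once (e.g. at startup), then store the ID.
    // Several groups may share a display name, so all matches are returned and the
    // caller must decide which one is the intended group rather than taking the first.
    public static async Task<IList<string>> ResolveGroupIdsAsync(ActiveDirectoryClient client, string displayName)
    {
        if (client == null) throw new ArgumentNullException("client");
        var ids = new List<string>();

        IPagedCollection<IGroup> page = await client.Groups
            .Where(g => g.DisplayName == displayName)
            .ExecuteAsync();

        while (page != null)
        {
            ids.AddRange(page.CurrentPage.Select(g => g.ObjectId));
            page = await page.GetNextPageAsync();
        }
        return ids;
    }
}

// Usage from an async controller action (assumes activeDirectoryClient and user are
// built as in the question):
//
//   IList<string> ids = await GroupMembershipCheck.ResolveGroupIdsAsync(activeDirectoryClient, "group1");
//   if (ids.Count != 1) { /* ambiguous or missing group: refuse rather than guess */ }
//   bool allowed = await GroupMembershipCheck.IsDirectMemberAsync(user, ids[0]);
```

Two design points: the helpers are awaited rather than called with `.Result`, because blocking on a Task inside an ASP.NET request can deadlock on the synchronization context; and the group ID should be resolved once and stored in configuration alongside the other `ida:` settings, so that a later rename of the group, or a second group created with the same display name, cannot change who is authorized.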
