验证用户帐户在Azure Active Directory中是否存在 [英] Verify if user account exists in Azure Active Directory
问题描述
我需要遵循一些业务规则,从ASP.NET Core 2应用程序向用户发送电子邮件.但是,我需要确保发送电子邮件的帐户确实存在(出于某种原因,可能是该帐户已停止有效).客户正在使用Azure Active Directory,因此我需要以某种方式查询AAD,以便它让我知道该帐户是否存在.
I need to send an email to users from an ASP.NET Core 2 application, following some business rules. However, I need to ensure that the account the email is being sent to actually exists (for some reason, it may be that the account stopped being valid). The customer is using Azure Active Directory, so I need to query AAD somehow so it lets me know whether the account exists or not.
到目前为止,我一直在寻找Microsoft Graph作为执行此操作的方法,但是到目前为止,我看到的每个示例都需要事先进行身份验证并使用委托身份验证机制.我不希望我的用户必须进行身份验证,也不希望出现身份验证屏幕.
So far I have been looking for Microsoft Graph as a way to do this, however every example I have seen so far requires prior authentication and use a delegate authentication mechanism. I don't want my users having to authenticate nor to prompt the authentication screen.
鉴于这种情况,您建议使用什么?如果您还可以指出一个例子,那就太好了.谢谢!
Given this situation, what would you recommend using? If you can also point me to an example, that would be great. Thanks!
推荐答案
您实际上并不需要像在当前代码中那样为每个无效用户抛出/捕获异常.我一般不会因为其他原因而反对异常处理,但是要查看用户是否存在,可以尝试使用 Filter .
You don't really need to throw/catch exception for every invalid user as you're doing in current code. I have nothing against exception handling in general for other reasons but to see if the user exists or not you can try using Filter.
所以您的图形查询看起来像-
So your graph query could look like -
https://graph.microsoft.com/v1.0/users?$filter=startswith(userPrincipalName,'someuser@mytenant.onmicrosoft.com')
我在这里显示了 startswith ,因为 eq 在我的快速试用中不起作用.尽管我会建议两件事:
I have shown startswith here becuase eq didn't work for me in a quick trial. Although I would recommend two things:
- 在此处浏览有关筛选器的Microsoft文档,并查看最适合您的需求的方法- Microsoft Graph Explorer ,它非常简单易用.
- Go through Microsoft documentation on Filters here and see what works best for your requirements - Use query parameters to customize responses with Microsoft Graph
- Play a little bit with different queries in Microsoft Graph Explorer it's very simple and easy to use.
这是您代码的修改版本.
Here is a modified version for your code.
请注意,我正在检查集合计数是否大于0,而不是将其检查为null,即使在未找到用户的情况下,我的测试运行中UsersCollectionPage也不为空.
Note that I'm checking for the collection count to be > 0 and not checking for it to be null, as even in case user is not found the UsersCollectionPage was not null for my test run.
using Microsoft.Identity.Client;
using Microsoft.Graph.Auth;
using Microsoft.Graph;
...
private async Task<bool> ValidateAccounts(string accounts) {
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create("clientId here")
.WithTenantId("tokenId here")
.WithClientSecret("secret here")
.Build();
var authProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authProvider);
var valid = true;
try {
foreach (var account in accounts.Split(';')) {
var user = await graphClient.Users.Request().Filter("startswith(userPrincipalName, '" + account + "')").GetAsync();
if (user.Count <= 0) {
valid = false;
break;
}
}
} catch (ServiceException ex) {
valid = false;
}
return valid;
}
另一方面,我不确定您的要求,但是您可以通过在单个查询中组合多个用户名然后检查结果计数或其他属性来发挥创意.您可以在多个条件之间使用 或 ,或者可能使用 any 运算符.我还没有真正尝试过.
On a side note, I'm not not sure of your requirements but you could probably get creative by combining multiple user names in single query and then checking for result counts or other propertes. You could use or between multiple criteria or probably use any operator. I haven't really tried this out though.
这篇关于验证用户帐户在Azure Active Directory中是否存在的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
