Azure AD不发出组声明 [英] Azure AD does not emit group claims

问题描述

我正在尝试通过组为基于Azure的应用程序设置基于角色的访问权限.我关注了以下文章(很抱歉，将链接作为代码发布，不允许发布超过1个链接).但是我的应用程序没有收到任何团体声明.

I am trying to set up role based access via groups for my application on azure. I've followed following articles (Sorry for posting links as code, wasn't allowed to post more than 1 link). However my app doesn't receive any group claims.

https://www.simple-talk.com/cloud/security-and-compliance/azure-active-directory-part-4-group-claims/

http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/

我到目前为止所做的事情

清单文件

    "appId": "d754a979-689d-45f8-8c63-983de55840da"
"appRoles": [
    {
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "Manager",
      "id": "1e06dae5-467a-40cf-a9a6-14baf3969472",
      "isEnabled": true,
      "description": "Manages",
      "value": "Manager"
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "Issuer",
      "id": "da85f458-720d-4c09-861f-92f5c465ee3e",
      "isEnabled": true,
      "description": "Issues",
      "value": "Issuer"
    },
    {
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "Supervisor",
      "id": "d64807d4-6e12-4637-a049-2a61b250507b",
      "isEnabled": true,
      "description": "Can perform any function",
      "value": "Supervisor"
    }
  ],
  "availableToOtherTenants": false,
  "displayName": "traffic",
  "errorUrl": null,
  "groupMembershipClaims": "SecurityGroup",
  "homepage": "https://myapp.ca",
  "identifierUris": [
    "https://myapp.azurewebsites.net/"
  ],

还在azure上向应用程序添加了相关的组(假设该组至少包含一个用户) Azure上的组分配

Also added relevant groups to app on azure (assume that the group contains at least one user) Groups Assignment on Azure

但是我的应用程序中没有任何团体声明.以下代码始终计数为零.有任何想法吗?预先感谢.

But I don't get any group claims in my app. The following code results in a count of zero, always. Any ideas? Thanks in advance.

var claims = ClaimsPrincipal.Current.Claims.Where(c => c.Type == "groups");

            Debug.Print("Total Group Claims in HomeController #### "+claims.Count());

            foreach (Claim c in claims)
            {
                Debug.Print("%%%%%%%% " + c.Value + " %%% VALUETYPE %%% " + c.Type);
            }

推荐答案

问题已解决.我在输入错误的应用程序配置文件.我的广告中注册了许多应用程序(沙箱，测试等).原来我在编辑错误的配置文件.我在问题中提到的步骤确实有效.感谢@Fei Xue-MSFT给您的时间和帮助.

Problem solved. I was barking up the wrong app profile. There are numerous apps registered with my AD (sandbox, testing etc.). Turns out that I was editing the wrong profile. The steps I mentioned in my problem do work. Thanks @Fei Xue - MSFT for your time and help.

这篇关于Azure AD不发出组声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！