如何更新 MS Graph 客户端服务主体 AppRoleAssignments [英] How To Update MS Graph Client Service Principal AppRoleAssignments

问题描述

我正在尝试通过图形客户端更新用户的 AppRole 分配.根据 MS 文档，我试图从服务主体方面而不是用户方面进行操作.

I am attempting to update a user's AppRole assignments via the Graph Client. As per MS documents I am attempting to do it from the service principal side rather than the user side.

                var sp = await _graphServiceClient.ServicePrincipals[objectId].Request().GetAsync();
                ServicePrincipal newSp = new ServicePrincipal
                {
                    Id = objectId,
                    AppId = _configuration["AzureAd:AppId"]
                };

                newSp.AppRoleAssignedTo = new ServicePrincipalAppRoleAssignedToCollectionPage();

                    newSp.AppRoleAssignedTo.Add(new AppRoleAssignment 
                    { 
                        PrincipalId = new Guid(u.Id), 
                        ResourceId = new Guid(objectId), 
                        AppRoleId = new Guid(r) 
                     });
                

                await _graphServiceClient.ServicePrincipals[objectId].Request().UpdateAsync(newSp);

我收到指定的一个或多个属性值无效"，但当然没有关于哪个属性甚至哪个对象是问题的真实信息.

I am getting 'One or more property values specified are invalid' but of course no real info on what property or even which object is the problem.

有人看到什么明显的东西吗?我在猜测客户端使用的语法 bc 我没有看到太多的文档或示例.

Anyone see anything obvious? I'm guessing on the syntax for the client usage bc I don't see much documentation or examples for it.

推荐答案

我用和你一样的代码测试，遇到了同样的问题，做了一些修改，但仍然无法解决问题.对于你的更新用户的AppRole分配的需求，我不确定你提供的代码是否可以做到，但我可以提供另一种更直接的解决方案.

I test with same code with yours and met same issue and do some modification but still can't solve the issue. For your requirement of update user's AppRole assignment, I'm not sure if we can do it by the code you provided, but I can provide another solution which is more directly.

您提供的代码是新的服务主体并将角色分配添加到其中，然后更新服务主体.这里提供另一种解决方案，它可以直接添加应用程序角色分配:

The code you provided is new a service principal and add the role assignment into it, then update the service principal. Here provide another solution, it can add the app role assignment directly:

var appRoleAssignment = new AppRoleAssignment
{
    PrincipalId = Guid.Parse("{principalId}"),
    ResourceId = Guid.Parse("{resourceId}"),
    AppRoleId = Guid.Parse("{appRoleId}")
};

await graphClient.Users["{userId}"].AppRoleAssignments
    .Request()
    .AddAsync(appRoleAssignment);

上面的代码请求 这个 后端的图形 API.

The code above request this graph api in backend.

这篇关于如何更新 MS Graph 客户端服务主体 AppRoleAssignments的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！