图 API - 使用 .Net Core 3.1 添加架构扩展 [英] Graph API - adding Schema Extension using .Net Core 3.1
问题描述
我需要向我的 Azure B2C 用户添加自定义声明,所以我想这样做的方法是使用 Graph API(测试版)为我的目录应用程序向用户添加架构扩展.
我为此编写了一个简单的测试:
SchemaExtension schemaExtension = 新的 SchemaExtension{Id = 架构名称,所有者 = _appClientId.ToString(),描述 = string.IsNullOrWhiteSpace(schemaDesc) ?string.Empty : schemaDesc.Trim(),TargetTypes = 新列表<字符串>{用户"},属性 = 新列表{新的扩展架构属性{Name = "isGlobalAdmin",类型 = 布尔"},新的扩展架构属性{Name = "isOrganizationAdmin",类型 = 布尔"}}};SchemaExtension 扩展 = 等待 GraphClient.SchemaExtensions.要求().AddAsync(schemaExtension); 首先,由于缺乏权限,它不起作用.所以我在我的目录中创建了一个新用户并为其添加了全局管理员角色.然后我在应用程序身份验证设置中将将应用程序视为公共客户端设置为 true.那个固定的权限问题.
但现在我有了这个:
<块引用>Microsoft.Graph.ServiceException:代码:Service_InternalServerError
我尝试更改 SchemaExtension 的参数,但没有任何帮助.
我怎样才能做到这一点?
我使用的 API - Microsoft.Graph.Beta
更新 - 图形 API 初始化
私有异步任务InitGraphClientWithUserAndPassword(){尝试{IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder.Create(_appClientId.ToString()).WithTenantId(_tenantId.ToString()).建造();UsernamePasswordProvider authProvider = new UsernamePasswordProvider(publicClientApplication);//范围GraphServiceClient graphClient = new GraphServiceClient(authProvider);SecureString securePass = new NetworkCredential("", _password).SecurePassword;用户我 = 等待 graphClient.Me.Request().WithUsernamePassword(_userEmail,securePass).GetAsync();返回图客户端;}捕获(异常前){const string ERR_MSG = 无法创建 GraphAPI 客户端";_logger.LogError(ex, ERR_MSG);抛出新的 IlgGraphApiException(ERR_MSG, ex);}} 我已经测试了你的代码.它适用于 Azure AD,但出现错误代码:Service_InternalServerError 消息:遇到内部服务器错误. 内部错误 适用于 Azure AD B2C.>
我不认为 Microsoft Graph API Create schemaExtension 目前支持 Azure AD B2C.
作为这个 article 说,Azure AD B2C 中的自定义属性使用 Azure AD Graph API 目录架构扩展.对用于查询 Azure AD B2C 租户的更新 Microsoft Graph API 的支持仍在开发中.
I need to add custom claims to my Azure B2C users, so I figured the way to do this is to add schema extensions to the User for my directory App with Graph API (beta).
I wrote a simple test for that:
SchemaExtension schemaExtension = new SchemaExtension
{
Id = schemaName,
Owner = _appClientId.ToString(),
Description = string.IsNullOrWhiteSpace(schemaDesc) ? string.Empty : schemaDesc.Trim(),
TargetTypes = new List<string>
{
"User"
},
Properties = new List<ExtensionSchemaProperty>
{
new ExtensionSchemaProperty
{
Name = "isGlobalAdmin",
Type = "Boolean"
},
new ExtensionSchemaProperty
{
Name = "isOrganizationAdmin",
Type = "Boolean"
}
}
};
SchemaExtension extension = await GraphClient.SchemaExtensions
.Request()
.AddAsync(schemaExtension);
First, it didn't work because of lack of permissions. So I created a new user in my directory and added Global Admin role to it. Then I set Treat application as a public client to true in the app authentication settings. That fixed permission problem.
But now I have this one:
Microsoft.Graph.ServiceException : Code: Service_InternalServerError
I tried changing params for the SchemaExtension but nothing helps.
How can I make this work?
API I use - Microsoft.Graph.Beta
UPDATE - Graph API init
private async Task<GraphServiceClient> InitGraphClientWithUserAndPassword()
{
try
{
IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder
.Create(_appClientId.ToString())
.WithTenantId(_tenantId.ToString())
.Build();
UsernamePasswordProvider authProvider = new UsernamePasswordProvider(publicClientApplication); // scopes
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
SecureString securePass = new NetworkCredential("", _password).SecurePassword;
User me = await graphClient.Me.Request()
.WithUsernamePassword(_userEmail, securePass)
.GetAsync();
return graphClient;
}
catch (Exception ex)
{
const string ERR_MSG = "Could not create GraphAPI client";
_logger.LogError(ex, ERR_MSG);
throw new IlgGraphApiException(ERR_MSG, ex);
}
}
I have tested your code. It works fine for Azure AD but gets error Code: Service_InternalServerError Message: Encountered an internal server error. Inner error for Azure AD B2C.
I don't think Microsoft Graph API Create schemaExtension is supported for Azure AD B2C currently.
As this article says, Custom attributes in Azure AD B2C use Azure AD Graph API Directory Schema Extensions. Support for newer Microsoft Graph API for querying Azure AD B2C tenant is still under development.
这篇关于图 API - 使用 .Net Core 3.1 添加架构扩展的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
