Not receiving a request on our MS Graph Webhook for deleting a User in AAD


Problem description

We created a Webhook for receiving "Delete" notifications when a user is deleted from Azure AD. But we're not receiving any notifications when we delete a user. In AAD the user is first placed in the recycle bin, but also if we remove the user from the recycle bin, we don't receive any notifications. We've tried our code with receiving emails -> that worked. And with changing a user in AAD -> that also worked. So we changed "updated" to "deleted" and no calls are triggered.

We started with the documentation (https://docs.microsoft.com/en-us/graph/webhooks) and the sample code provided by Microsoft (https://github.com/microsoftgraph/aspnet-webhooks-rest-sample)

We use Permission Scopes: User.Read.All & Directory.Read.All

Graph Webhook subscription: Resource: "users" ChangeType: "deleted"

When we specify "updated" as ChangeType, we received notifications, as expected. But ChangeType "deleted" was not giving any notifications. Is this not supported, or are we missing a permission... I hope someone can help.

Recommended answer

When you've subscribed to deleted events, you will only get notifications for hard-deleted users. Users are almost always "soft-deleted" at first, and then get permanently deleted automatically after 30 days.

For both cases, the permission User.Read.All is sufficient.

When a user is "soft-deleted" an event is sent to apps subscribed to updated changes. Here's an example (you'll have to trust me that this was due to a soft-delete, since it's the same event for a regular attribute change):

{
    "value": [
        {
            "changeType": "updated",
            "clientState": null,
            "resource": "Users/514ffc40-afef-4ad9-bc1f-4ad3e425fcec",
            "resourceData": {
                "@odata.type": "#Microsoft.Graph.User",
                "@odata.id": "Users/514ffc40-afef-4ad9-bc1f-4ad3e425fcec",
                "id": "514ffc40-afef-4ad9-bc1f-4ad3e425fcec",
                "organizationId": "1c411c5e-78cc-4e89-af5e-169408a540b7",
                "sequenceNumber": 636921552671905776
            },
            "subscriptionExpirationDateTime": "2019-05-01T17:13:30.289+00:00",
            "subscriptionId": "cfbfa7fc-0771-4394-b563-cff3f8140d02",
            "tenantId": "1c411c5e-78cc-4e89-af5e-169408a540b7"
        }
    ]
}

When a user is permanently deleted (either naturally after 30 days, or manually by an admin), apps subscribed to deleted will get a notification. Here's an example:

{
    "value": [
        {
            "changeType": "deleted",
            "clientState": null,
            "resource": "Users/514ffc40-afef-4ad9-bc1f-4ad3e425fcec",
            "resourceData": {
                "@odata.type": "#Microsoft.Graph.User",
                "@odata.id": "Users/514ffc40-afef-4ad9-bc1f-4ad3e425fcec",
                "id": "514ffc40-afef-4ad9-bc1f-4ad3e425fcec",
                "organizationId": "1c411c5e-78cc-4e89-af5e-169408a540b7",
                "sequenceNumber": 636921556468034066
            },
            "subscriptionExpirationDateTime": "2019-05-01T17:13:30.289+00:00",
            "subscriptionId": "ce04c176-370d-4b67-9da6-05c441186756",
            "tenantId": "1c411c5e-78cc-4e89-af5e-169408a540b7"
        }
    ]
}
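
An added example, not part of the original answer or of Microsoft's sample: because a soft delete arrives as an ordinary `updated` notification, a receiver has to check separately whether the user now sits in the directory's deleted items. The `in_deleted_items` hook, the `make_note` helper, the placeholder ids and the optional `clientState` comparison (which assumes a `clientState` was set on the subscription, unlike the `null` shown above) are assumptions of this sketch.

```python
import hmac
import json

def classify(note, in_deleted_items, expected_state=None):
    """Label one change notification from a `users` subscription.

    in_deleted_items: caller-supplied callable(user_id) -> bool (hypothetical
    hook; in production it could wrap GET /directory/deletedItems/{id}).
    expected_state: the clientState chosen when subscribing, if any.
    """
    if expected_state is not None:
        got = (note.get("clientState") or "").encode()
        if not hmac.compare_digest(got, expected_state.encode()):
            return "rejected"  # does not carry our subscription's secret
    change = note.get("changeType")
    if change == "deleted":
        return "hard-deleted"  # permanent removal
    user_id = (note.get("resourceData") or {}).get("id")
    if change == "updated" and user_id and in_deleted_items(user_id):
        return "soft-deleted"  # same event shape as an attribute change
    return change or "unknown"

def handle(body, in_deleted_items, expected_state=None):
    """Classify every notification in one webhook POST body (JSON text)."""
    notes = json.loads(body).get("value", [])
    return [((n.get("resourceData") or {}).get("id"),
             classify(n, in_deleted_items, expected_state)) for n in notes]

def make_note(change, user_id, state=None):
    # Constructed notification holding only the fields this example reads.
    return {"changeType": change, "clientState": state,
            "resource": "Users/" + user_id, "resourceData": {"id": user_id}}

# Constructed sample data; the ids are placeholders, not real objects.
ALICE = "00000000-0000-0000-0000-000000000001"
BOB = "00000000-0000-0000-0000-000000000002"
SAMPLE_BODY = json.dumps({"value": [
    make_note("updated", ALICE), make_note("updated", BOB),
    make_note("deleted", ALICE)]})

if __name__ == "__main__":
    recycle_bin = {ALICE}  # stand-in for the tenant's deleted items
    for user_id, label in handle(SAMPLE_BODY, recycle_bin.__contains__):
        print(user_id, label)
```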
