在ASP.NET MVC组织帐户访问的Azure AD图形API [英] Access Azure AD Graph API in ASP.NET MVC Organizational account
问题描述
我想根据登录用户的AD组来限制的页面访问。我有以下codeS的问题。
VAR tenantId = incomingPrincipal.FindFirst(GraphConfiguration.TenantIdClaimType).value的; //创建Azure的图形API客户端调用API
VAR的客户= Helpers.AzureGraphAPIFunctions.GetActiveDirectoryClient(tenantId); IGroup组= client.Groups.Where(X => x.DisplayName ==组名).ExecuteSingleAsync()结果。
这些codeS做工精细,让我通过组名的AD组,但有时抛出异常
租户信息在本地不可用,请使用以下URL
来获取信息。
<$p$p><$c$c>{\"odata.error\":{\"$c$c\":\"Directory_BindingRedirection\",\"message\":{\"lang\":\"en\",\"value\":\"Tenant信息不是本地可用。请使用以下URL来获取信息。},
价值观:
{项目:为url1,值:HTTPS:\\ / \\ / directory-s1-ch1.directory.windows.net},
{项目:URL2,值:HTTPS:\\ / \\ / directory-s1-sn2.directory.windows.net},
{项目:URL3,值:HTTPS:\\ / \\ / directory-s1-co1.directory.windows.net},
{项目:Url4,值:HTTPS:\\ / \\ / directory-s1-bl2.directory.windows.net}
]}}
任何想法?
感谢
解决方案伙计们,
我们目前正在调查这个问题(你不应该看到此错误)。它看起来像一个回归。当我有更多的信息会更新这个主题。
更新:结果
这个问题现已解决。我们做了一个更新,打破我们的一些重试/重定向逻辑我们的网关逻辑。现在,我们已经把一些显示器的地方也应该发现这个问题要快得多(我们应该再次使同样的错误)。对于那些你谁是受到这一事件道歉。
I am trying to restrict page access based on logged in user's AD Groups. I have issues with following codes.
var tenantId = incomingPrincipal.FindFirst(GraphConfiguration.TenantIdClaimType).Value; //create Azure Graph Api client to make api calls var client = Helpers.AzureGraphAPIFunctions.GetActiveDirectoryClient(tenantId); IGroup group = client.Groups.Where(x => x.DisplayName == groupName).ExecuteSingleAsync().Result;These codes work fine and get me the AD Group by groupName but sometimes throws exception
"Tenant information is not available locally. Use the following Urls to get the information."
{"odata.error":{"code":"Directory_BindingRedirection","message":{"lang":"en","value":"Tenant information is not available locally. Use the following Urls to get the information."}, "values":[ {"item":"Url1","value":"https:\/\/directory-s1-ch1.directory.windows.net"}, {"item":"Url2","value":"https:\/\/directory-s1-sn2.directory.windows.net"}, {"item":"Url3","value":"https:\/\/directory-s1-co1.directory.windows.net"}, {"item":"Url4","value":"https:\/\/directory-s1-bl2.directory.windows.net"} ]}}Any ideas?
Thanks
解决方案Folks,
We're currently investigating this issue (you should not be seeing this error). It looks like a regression. Will update this thread when I have more info.
UPDATE:
This issue should now be resolved. We made an update to our gateway logic that broke some of our retry/redirect logic. We've now put some monitors in place also that should detect this issue much faster (should we make the same mistake again).Apologies for those of you who were affected by this incident.
这篇关于在ASP.NET MVC组织帐户访问的Azure AD图形API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
