C# MVC 和 MS Graph 问题 [英] C# MVC and MS Graph questions
问题描述
这里有点进退两难.
我有一个 C# MVC 应用程序(连接到 sharepoint),我需要找到一种从 Azure Active Directory 检索用户的方法(Sharepoint 不提供此类插件的人员选择器).
I have a C# MVC app (connected to sharepoint) and i need to find a way to retrieve users from Azure Active Directory (Sharepoint does not provide people picker for this type of addin).
我想要实现的目标 -> 一个搜索框,单击按钮会在 AD 中搜索用户电子邮件或名称(可能是电子邮件),然后它应该返回一个包含 Azure AD 用户 ID 和显示名称的 json.
What i want to achieve -> A search box, on button click it searches AD for the user email or name (probably email) and then it should return a json containing the Azure AD user id and display name.
我曾想过使用 MS Graph 来做到这一点,但我没有找到一个很好的教程来将 Graph 调用实现到 MVC 中.加!id 就像一种不需要用户执行任何操作但单击搜索按钮的方式(因此最好不要为用户提供身份验证令牌,不要图形应用程序登录等).
I thought about using MS Graph to do that, but i didnt find a good tutorial to implement Graph calls into MVC. PLUS ! id like a way that doesnt require users to do anything but click the search button (so preferrably no auth token for user, no graph app login or such things).
这可能吗?我什至会在 JS 中这样做,因为它将是一个相当封闭"的应用程序,但我记录图形实现的方式让我哭了......(所以......是的......请不要将我指向 MS图形实现文档,非常糟糕).
Is this possible ? I would even do it in JS since it will be a rather "closed" application, but i the way they documented the graph implementation makes me cry.... (so...yeah...pls dont point me to the MS graph implementation doc, its awfull).
任何帮助将不胜感激,谢谢.
Any help would be appreciated, thanks.
推荐答案
但丁
根据您的问题和您发布的评论,我想您可能想使用 Microsoft Graph 通过电子邮件获取用户 ID 和显示名称;并且您希望在没有用户登录并同意该应用程序的情况下执行此操作.如果我误解了您的问题,请随时告诉我.
Based on your question and the comments you posted, I think maybe you want to use Microsoft Graph to get the user id and display name by the email; and you want to do it without user logging in and consenting to the app. If I misunderstood your question, please feel free let me know.
我最初的建议是,您可以尝试在没有用户的情况下获取 AccessToken.
My initial suggestion is that you can try to get an AccessToken without a user.
根据this reference我们可以得到一个AccessToken由一些后台服务或守护进程.
According to this reference we can get an AccessToken by some background services or daemons.
根据我的测试,我们可以尝试以下步骤:
1. 征得管理员同意:
Based on my test, we can try the following steps:
1. Get administrator consent:
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = clientId,
Authority = authority,
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
Scope = "openid profile",
ResponseType = "id_token",
TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = false, NameClaimType = "name" },
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = this.OnAuthenticationFailedAsync,
SecurityTokenValidated = this.OnSecurityTokenValidatedAsync
}
});
ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(Startup.clientId, string.Format(AuthorityFormat, tenantId), Startup.redirectUri,
new ClientCredential(Startup.clientSecret), null, appTokenCache.GetMsalCacheInstance());
AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(new[] { MSGraphScope });
- 我们可以通过电子邮件从 url 获取用户:
https://graph.microsoft.com/v1.0/users/{email address}.例如,https://graph.microsoft.com/v1.0/users/xxx.outlook.com
更多细节我们可以参考v2.0 daemon sample 在 GitHub 上.
For more details, we can refer to v2.0 daemon sample on GitHub.
这篇关于C# MVC 和 MS Graph 问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
