How do I delete an AppRoleAssignment using the Azure Active Directory .NET SDK?


Question

I'm trying to figure out how to delete an AppRoleAssignment from either a Group or a User using the Graph API for Azure Active Directory. I'm using the .NET SDK (Microsoft.Azure.ActiveDirectory.GraphClient).

I've tried using the standard DeleteAsync method that's on every IEntityBase, but it fails with an error. It's issuing an HTTP request that looks like this:

DELETE /{tenantId}/directoryObjects/{appRoleAssignment object ID}/Microsoft.DirectoryServices.AppRoleAssignment?api-version=1.5

which fails with a 400 Bad Request with the error "Direct queries to this resource type are not supported."

This isn't the correct way to delete AppRoleAssignments using the Graph API according to this Microsoft blog post (http://blogs.msdn.com/b/aadgraphteam/archive/2014/12/12/announcing-the-new-version-of-graph-api-api-version-1-5.aspx), which says you need to do an HTTP request that looks like:

DELETE /{tenantId}/users/{user object ID}/appRoleAssignments/{appRoleAs}?api-version=1.5

If I do a manual HTTP request using HttpClient using that URL format, it works, but I want to know how to do this within the bounds of the .NET library rather than doing manual HTTP requests myself.

How do I delete AppRoleAssignments via the .NET library?

Recommended answer

While it is not fixed, you can make a manual HTTP request, but still use the Azure AD SDK to acquire the token. Something like this:

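using System;
using System.Net.Http;   // ReadAsAsync<T> comes from the Microsoft.AspNet.WebApi.Client package
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;   // ADAL: AuthenticationContext, ClientCredential
using Newtonsoft.Json;

// The wrapper class name is illustrative; the members are the answer's code.
public class GraphRoleClient {
    // Placeholders: replace with your own values (keep the app key out of source control).
    private const string tenantId = "<guid> tenant id";
    private const string appId = "<guid> your Azure app id";
    private const string appKey = "your app key";
    private const string authority = "i.e. https://login.windows.net/mycompany.onmicrosoft.com";
    private const string graphUrl = "https://graph.windows.net/";

    // Issues DELETE /{tenantId}/users/{userId}/appRoleAssignments/{roleObjectId}?api-version=1.5
    public async Task RemoveRoleFromUser(Guid userId, string roleObjectId) {
        var uri = string.Format("{0}/users/{1}/appRoleAssignments/{2}?api-version=1.5", tenantId, userId, roleObjectId);
        await ExecuteRequest<object>(uri, HttpMethod.Delete);
    }

    // Sends an authenticated request to the Graph API and deserializes the response body.
    private async Task<T> ExecuteRequest<T>(string uri, HttpMethod method = null, Object body = null) where T : class {
        if (method == null) method = HttpMethod.Get;
        T response;
        var token = await AcquireTokenAsyncForApplication();
        using (var httpClient = new HttpClient { BaseAddress = getServicePointUri() }) {
            var request = new HttpRequestMessage(method, uri);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            if (body != null) {
                request.Content = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json");
            }
            var responseMessage = await httpClient.SendAsync(request).ConfigureAwait(false);
            // Throws HttpRequestException on any non-2xx status.
            responseMessage.EnsureSuccessStatusCode();
            response = await responseMessage.Content.ReadAsAsync<T>();
        }
        return response;
    }

    // Acquires an app-only token for the Graph API using the client credentials flow.
    private async Task<string> AcquireTokenAsyncForApplication() {
        ClientCredential clientCred = new ClientCredential(appId, appKey);
        var authenticationContext = new AuthenticationContext(authority, false);
        AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(graphUrl, clientCred);
        return authenticationResult.AccessToken;
    }

    // Base address for the HttpClient: https://graph.windows.net/{tenantId}
    private Uri getServicePointUri() {
        Uri servicePointUri = new Uri(graphUrl);
        Uri serviceRoot = new Uri(servicePointUri, tenantId);
        return serviceRoot;
    }
}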
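
A hardened variant of the delete call in the answer above, as an added example that is not part of the original answer or of the Graph client library: it escapes the assignment object ID before placing it in the URL path, and it reports a 404 as "already removed" so a revocation can be retried safely. The class and method names are hypothetical, and that Graph answers 404 for an assignment that no longer exists is an assumption.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

// Hypothetical helper, not part of Microsoft.Azure.ActiveDirectory.GraphClient.
public static class AppRoleAssignmentRevoker
{
    private const string ApiVersion = "1.5";

    // Builds the URL form the question reports as working:
    //   /{tenantId}/users/{userId}/appRoleAssignments/{assignmentObjectId}?api-version=1.5
    public static Uri BuildDeleteUri(Uri graphRoot, Guid tenantId, Guid userId, string assignmentObjectId)
    {
        if (string.IsNullOrWhiteSpace(assignmentObjectId))
            throw new ArgumentException("Assignment object ID is required.", nameof(assignmentObjectId));

        // Guid parameters cannot carry path characters; the string ID is escaped so that
        // '/', '?' or '#' inside it cannot change which resource the DELETE targets.
        var relative = string.Format("{0:D}/users/{1:D}/appRoleAssignments/{2}?api-version={3}",
            tenantId, userId, Uri.EscapeDataString(assignmentObjectId), ApiVersion);
        return new Uri(graphRoot, relative);
    }

    // Returns true when the assignment was deleted, false when it was already absent
    // (assumed to be reported as 404). Any other non-2xx status throws.
    public static async Task<bool> RevokeAsync(HttpClient client, string accessToken, Uri deleteUri)
    {
        using (var request = new HttpRequestMessage(HttpMethod.Delete, deleteUri))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            using (var response = await client.SendAsync(request).ConfigureAwait(false))
            {
                if (response.StatusCode == HttpStatusCode.NotFound) return false;
                response.EnsureSuccessStatusCode();
                return true;
            }
        }
    }
}
```

Pass `new Uri("https://graph.windows.net/")` as `graphRoot` and a token obtained as in the answer; the caller owns the `HttpClient` so it can be reused across calls.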
