Fatal编程技术网
  • asp.net-mvc/
  • Asp.net mvc Azure ActiveDirectory图形API GraphClient未返回广告组

Asp.net mvc Azure ActiveDirectory图形API GraphClient未返回广告组

asp.net-mvc azure single-sign-on

Asp.net mvc Azure ActiveDirectory图形API GraphClient未返回广告组,asp.net-mvc,azure,single-sign-on,asp.net-identity,adfs,Asp.net Mvc,Azure,Single Sign On,Asp.net Identity,Adfs,我想从Azure AD检索用户的组信息 使用以下Graph API包来实现这一点 Microsoft.Azure.ActiveDirectory.GraphClient Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810 我能够从Azure Graph API成功检索用户信息 但是,当我运行此方法检索用户的组时,Fiddler显示了一个成功的HTTP 200响应,其中包含组信息的JSON片段,但是该方法本身不会返回IE

我想从Azure AD检索用户的组信息

使用以下Graph API包来实现这一点

  • Microsoft.Azure.ActiveDirectory.GraphClient
  • Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810
我能够从Azure Graph API成功检索用户信息

但是,当我运行此方法检索用户的组时,Fiddler显示了一个成功的HTTP 200响应,其中包含组信息的JSON片段,但是该方法本身不会返回IEnumerable

IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();

IEnumerable groups=user.GetMemberGroupsAsync(false.Result.ToList();
代码似乎没有从此异步请求返回

当身份验证管道被卡住时,产生的体验是空白页

完整代码

public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (!incomingPrincipal.Identity.IsAuthenticated == true &&
            _authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name))
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        _authorizationService.AddClaimsToIdentity(((ClaimsIdentity) incomingPrincipal.Identity));

        Claim tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim);

        if (tenantClaim == null)
        {
            throw new NotSupportedException("Tenant claim not available, role authentication is not supported");
        }

        string tenantId = tenantClaim.Value;
        string authority = String.Format(CultureInfo.InvariantCulture, _aadInstance, _tenant);
        Uri servicePointUri = new Uri("https://graph.windows.net");
        ClientCredential clientCredential = new ClientCredential(_clientId, _password);

        AuthenticationContext authContext = new AuthenticationContext(authority, true);
        AuthenticationResult result = authContext.AcquireToken(servicePointUri.ToString(), clientCredential);
        Token = result.AccessToken;

        ActiveDirectoryClient activeDirectoryClient =
            new ActiveDirectoryClient(new Uri(servicePointUri, tenantId),
                async () => await AcquireTokenAsync());

       IUser user = activeDirectoryClient
           .Users
           .Where(x => x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name))
           .ExecuteAsync()
           .Result
           .CurrentPage
           .ToList()
           .FirstOrDefault();

        if (user == null)
        {
            throw new NotSupportedException("Unknown User.");
        }          

       IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();


        return incomingPrincipal;
    }

public override ClaimsPrincipal Authenticate(字符串resourceName,ClaimsPrincipal incomingPrincipal)
{
如果(!incomingPrincipal.Identity.IsAuthenticated==true&&
_authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name))
{
返回base.Authenticate(resourceName,incomingPrincipal);
}
_authorizationService.AddClaimsToIdentity(((ClaimsIdentity)incomingPrincipal.Identity));
Claim tenantClaim=incomingPrincipal.FindFirst(tenantClaim);
if(tenantClaim==null)
{
抛出新的NotSupportedException(“租户声明不可用,不支持角色身份验证”);
}
字符串tenantId=tenantClaim.Value;
string authority=string.Format(CultureInfo.InvariantCulture,_aadInstance,_tenant);
Uri servicePointUri=新Uri(“https://graph.windows.net");
ClientCredential ClientCredential=新的ClientCredential(\u clientId,\u password);
AuthenticationContext authContext=新的AuthenticationContext(authority,true);
AuthenticationResult=authContext.AcquireToken(servicePointUri.ToString(),clientCredential);
Token=result.AccessToken;
ActiveDirectoryClient ActiveDirectoryClient=
新的ActiveDirectoryClient(新的Uri(servicePointUri,tenantId),
async()=>await AcquireTokenAsync());
IUser user=activeDirectoryClient
.用户
.Where(x=>x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name))
.ExecuteAsync()
.结果
.CurrentPage
托利斯先生()
.FirstOrDefault();
if(user==null)
{
抛出新的NotSupportedException(“未知用户”);
}          
IEnumerable groups=user.GetMemberGroupsAsync(false.Result.ToList();
返还收益本金;
}
我也有同样的问题。我的代码在根据文档进行更改后仍然有效 

IUserFetcher retrievedUserFetcher=(用户)用户;
IPagedCollection pagedCollection=retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
做{
List directoryObjects=pagedCollection.CurrentPage.ToList();
foreach(目录对象中的IDirectoryObject目录对象){
如果(directoryObject是组){
Group Group=作为组的directoryObject;
((索赔实体)收入主体身份)。添加索赔(
新声明(ClaimTypes.Role、group.DisplayName、ClaimValueTypes.String、“图形”);
}
}
pagedCollection=pagedCollection.GetNextPageAsync().Result;
}while(pagedCollection!=null&&pagedCollection.moresPagesAvailable);
IEnumerable,
string groups=user.GetMemberGroupsAsync(false).Result.ToList()
不工作,因为结果不是IEnumerable,string类型

IEnumerable<string> groups = await user.GetMemberGroupsAsync(false); 

IEnumerable groups=wait user.GetMemberGroupsAsync(false);
上面的代码将返回正确的类型。

我也有同样的问题。但是请注意,上面使用
memberOf
的解决方案是一个不及物列表,即仅限直接成员。其中,
getMemberGroups
不起作用的函数是传递函数。您还需要迭代每个组。“您可以调用getMemberGroups函数来返回用户所属的所有组。与读取memberOf navigation属性不同,该属性只返回用户直接所属的组。该检查是可传递的。”我尝试使用此库进行的大多数调用都有相同的问题。它一直挂起,即使Fiddler显示请求已成功。 
IEnumerable<string> groups = await user.GetMemberGroupsAsync(false);