C# 如何检查Azure Active Directory中的用户是否属于特定组成员?
我能够在Azure上查询active directory,并带来诸如姓名、国家、部门等用户信息。。。等等 但是,我想知道登录的用户所属的组。我用于提供用户信息的功能如下所示:C# 如何检查Azure Active Directory中的用户是否属于特定组成员?,c#,asp.net,azure,C#,Asp.net,Azure,我能够在Azure上查询active directory,并带来诸如姓名、国家、部门等用户信息。。。等等 但是,我想知道登录的用户所属的组。我用于提供用户信息的功能如下所示: public IUser GetUserData() { string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value; string us
public IUser GetUserData()
{
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantID);
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
async () => await GetTokenForApplication());
// use the token for querying the graph to get the user details
IUser user = activeDirectoryClient.Users
.Where(u => u.ObjectId.Equals(userObjectID))
.ExecuteAsync().Result.CurrentPage.ToList().First();
return user;
}
bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value;
public async Task<IList<String>> GetGroups(IUser user)
{
IList<String> groupMembership = new List<String>();
var userFetcher = (IUserFetcher)user;
IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
var group = directoryObject as Group;
groupMembership.Add(group.DisplayName);
test.Text += group.DisplayName;
}
}
pagedCollection = await pagedCollection.GetNextPageAsync();
} while (pagedCollection != null);
return groupMembership;
}
我尝试使用GetUserData方法中的“activeDirectoryClient”变量检查用户是否是组的成员,如下所示:
public IUser GetUserData()
{
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantID);
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
async () => await GetTokenForApplication());
// use the token for querying the graph to get the user details
IUser user = activeDirectoryClient.Users
.Where(u => u.ObjectId.Equals(userObjectID))
.ExecuteAsync().Result.CurrentPage.ToList().First();
return user;
}
bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value;
public async Task<IList<String>> GetGroups(IUser user)
{
IList<String> groupMembership = new List<String>();
var userFetcher = (IUserFetcher)user;
IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
var group = directoryObject as Group;
groupMembership.Add(group.DisplayName);
test.Text += group.DisplayName;
}
}
pagedCollection = await pagedCollection.GetNextPageAsync();
} while (pagedCollection != null);
return groupMembership;
}
但是,它不起作用
我还找到了这个解决方案,并按如下方式进行了定制:
public IUser GetUserData()
{
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantID);
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
async () => await GetTokenForApplication());
// use the token for querying the graph to get the user details
IUser user = activeDirectoryClient.Users
.Where(u => u.ObjectId.Equals(userObjectID))
.ExecuteAsync().Result.CurrentPage.ToList().First();
return user;
}
bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value;
public async Task<IList<String>> GetGroups(IUser user)
{
IList<String> groupMembership = new List<String>();
var userFetcher = (IUserFetcher)user;
IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
var group = directoryObject as Group;
groupMembership.Add(group.DisplayName);
test.Text += group.DisplayName;
}
}
pagedCollection = await pagedCollection.GetNextPageAsync();
} while (pagedCollection != null);
return groupMembership;
}
如何检查“用户”是否有名为“group1”的组
谢谢 因此,Graph API具有
isMemberOf
,您可以查询它来检查用户是否是特定组的成员。参考链接:尝试使用IUserFetcher.Memberof
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
async () => await GetTokenForApplication());
IList<string> groupMembership = new List<string>();
IUser user = activeDirectoryClient.Users.Where(u => u.ObjectId.Equals(userObjectID)).ExecuteAsync().Result.CurrentPage.ToList().First();
var userFetcher = (IUserFetcher)user;
IPagedCollection<IDirectoryObject> pagedCollection = userFetcher.MemberOf.ExecuteAsync().Result;
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
var group = directoryObject as Group;
groupMembership.Add(group.DisplayName);
}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null);
ActiveDirectoryClient ActiveDirectoryClient=新的ActiveDirectoryClient(serviceRoot,
async()=>等待GetTokenFolication());
IList groupMembership=新列表();
IUser user=activeDirectoryClient.Users.Where(u=>u.ObjectId.Equals(userObjectID)).ExecuteAsync().Result.CurrentPage.ToList().First();
var userFetcher=(IUserFetcher)user;
IPagedCollection pagedCollection=userFetcher.MemberOf.ExecuteAsync().Result;
做
{
List directoryObjects=pagedCollection.CurrentPage.ToList();
foreach(目录对象中的IDirectoryObject目录对象)
{
如果(directoryObject是组)
{
var group=directoryObject作为组;
groupMembership.Add(group.DisplayName);
}
}
pagedCollection=pagedCollection.GetNextPageAsync().Result;
}while(pagedCollection!=null);
实际上我找到了这个链接,但我想知道如何查询Graph API。您的意思是创建一个名为“groupObject”的变量,就像我拥有的“userObject”一样吗?为什么“user”变量没有isMemberOf属性;所以可能像activeDirectoryClient.isMemberOf(groupid,userid)
我看到了activeDirectoryClient.IsMemberOfAsync(),但我不知道如何获取groupid和userid。您可以通过查询图形API来获取它们;)我在这里看到了这段代码,我试图调用这个函数,但它给了我一个例外。。我在你的回答中没有注意到什么。。这对我有用,谢谢你!