C# 如何检查Azure Active Directory中的用户是否属于特定组成员？

我能够在Azure上查询active directory，并带来诸如姓名、国家、部门等用户信息。。。等等

但是，我想知道登录的用户所属的组。我用于提供用户信息的功能如下所示：

public IUser GetUserData()
{
    string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

    Uri servicePointUri = new Uri(graphResourceId);
    Uri serviceRoot = new Uri(servicePointUri, tenantID);
    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
            async () => await GetTokenForApplication());

    // use the token for querying the graph to get the user details
    IUser user = activeDirectoryClient.Users
        .Where(u => u.ObjectId.Equals(userObjectID))
        .ExecuteAsync().Result.CurrentPage.ToList().First();

    return user;
}

bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value; 

public async Task<IList<String>> GetGroups(IUser user)
        {
            IList<String> groupMembership = new List<String>();

            var userFetcher = (IUserFetcher)user;

            IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
            do
            {
                List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
                foreach (IDirectoryObject directoryObject in directoryObjects)
                {
                    if (directoryObject is Group)
                    {
                        var group = directoryObject as Group;
                        groupMembership.Add(group.DisplayName);
                        test.Text += group.DisplayName;
                    }
                }
                pagedCollection = await pagedCollection.GetNextPageAsync();
            } while (pagedCollection != null);


            return groupMembership;
        }

我尝试使用GetUserData方法中的“activeDirectoryClient”变量检查用户是否是组的成员，如下所示：

public IUser GetUserData()
{
    string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

    Uri servicePointUri = new Uri(graphResourceId);
    Uri serviceRoot = new Uri(servicePointUri, tenantID);
    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
            async () => await GetTokenForApplication());

    // use the token for querying the graph to get the user details
    IUser user = activeDirectoryClient.Users
        .Where(u => u.ObjectId.Equals(userObjectID))
        .ExecuteAsync().Result.CurrentPage.ToList().First();

    return user;
}

bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value; 

public async Task<IList<String>> GetGroups(IUser user)
        {
            IList<String> groupMembership = new List<String>();

            var userFetcher = (IUserFetcher)user;

            IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
            do
            {
                List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
                foreach (IDirectoryObject directoryObject in directoryObjects)
                {
                    if (directoryObject is Group)
                    {
                        var group = directoryObject as Group;
                        groupMembership.Add(group.DisplayName);
                        test.Text += group.DisplayName;
                    }
                }
                pagedCollection = await pagedCollection.GetNextPageAsync();
            } while (pagedCollection != null);


            return groupMembership;
        }

但是，它不起作用

我还找到了这个解决方案，并按如下方式进行了定制：

public IUser GetUserData()
{
    string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

    Uri servicePointUri = new Uri(graphResourceId);
    Uri serviceRoot = new Uri(servicePointUri, tenantID);
    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
            async () => await GetTokenForApplication());

    // use the token for querying the graph to get the user details
    IUser user = activeDirectoryClient.Users
        .Where(u => u.ObjectId.Equals(userObjectID))
        .ExecuteAsync().Result.CurrentPage.ToList().First();

    return user;
}

bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value; 

public async Task<IList<String>> GetGroups(IUser user)
        {
            IList<String> groupMembership = new List<String>();

            var userFetcher = (IUserFetcher)user;

            IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
            do
            {
                List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
                foreach (IDirectoryObject directoryObject in directoryObjects)
                {
                    if (directoryObject is Group)
                    {
                        var group = directoryObject as Group;
                        groupMembership.Add(group.DisplayName);
                        test.Text += group.DisplayName;
                    }
                }
                pagedCollection = await pagedCollection.GetNextPageAsync();
            } while (pagedCollection != null);


            return groupMembership;
        }

如何检查“用户”是否有名为“group1”的组

---

谢谢

因此，Graph API具有

isMemberOf

，您可以查询它来检查用户是否是特定组的成员。参考链接：

尝试使用IUserFetcher.Memberof

        ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
                async () => await GetTokenForApplication());


        IList<string> groupMembership = new List<string>();
        IUser user = activeDirectoryClient.Users.Where(u => u.ObjectId.Equals(userObjectID)).ExecuteAsync().Result.CurrentPage.ToList().First();
        var userFetcher = (IUserFetcher)user;

        IPagedCollection<IDirectoryObject> pagedCollection = userFetcher.MemberOf.ExecuteAsync().Result;
        do
        {
            List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
            foreach (IDirectoryObject directoryObject in directoryObjects)
            {
                if (directoryObject is Group)
                {
                    var group = directoryObject as Group;
                    groupMembership.Add(group.DisplayName);
                }
            }
            pagedCollection = pagedCollection.GetNextPageAsync().Result;
        } while (pagedCollection != null);

ActiveDirectoryClient ActiveDirectoryClient=新的ActiveDirectoryClient（serviceRoot，
async（）=>等待GetTokenFolication（））；
IList groupMembership=新列表（）；
IUser user=activeDirectoryClient.Users.Where（u=>u.ObjectId.Equals（userObjectID））.ExecuteAsync（）.Result.CurrentPage.ToList（）.First（）；
var userFetcher=（IUserFetcher）user；
IPagedCollection pagedCollection=userFetcher.MemberOf.ExecuteAsync（）.Result；
做
{
List directoryObjects=pagedCollection.CurrentPage.ToList（）；
foreach（目录对象中的IDirectoryObject目录对象）
{
如果（directoryObject是组）
{
var group=directoryObject作为组；
groupMembership.Add（group.DisplayName）；
}
}
pagedCollection=pagedCollection.GetNextPageAsync（）.Result；
}while（pagedCollection！=null）；

实际上我找到了这个链接，但我想知道如何查询Graph API。您的意思是创建一个名为“groupObject”的变量，就像我拥有的“userObject”一样吗？为什么“user”变量没有isMemberOf属性；所以可能像

activeDirectoryClient.isMemberOf（groupid，userid）

我看到了activeDirectoryClient.IsMemberOfAsync（），但我不知道如何获取groupid和userid。您可以通过查询图形API来获取它们；）我在这里看到了这段代码，我试图调用这个函数，但它给了我一个例外。。我在你的回答中没有注意到什么。。这对我有用，谢谢你！