C# 在C中使用Azure AD Graph API向已创建的应用程序添加角色#
如何在已使用c#中的azure ad Graph API在azure ad上创建的应用程序中添加角色。C# 在C中使用Azure AD Graph API向已创建的应用程序添加角色#,c#,azure,azure-active-directory,azure-ad-graph-api,C#,Azure,Azure Active Directory,Azure Ad Graph Api,如何在已使用c#中的azure ad Graph API在azure ad上创建的应用程序中添加角色。 我在c#中创建了这样的角色: 将使用什么调用在使用Azure AD Graph API的应用程序中添加此新角色。您可以参考下面的代码来分配应用程序角色 1.获取访问令牌 private static async Task<string> GetAppTokenAsync(string graphResourceId, string tenantId, string clientId
我在c#中创建了这样的角色:
将使用什么调用在使用Azure AD Graph API的应用程序中添加此新角色。您可以参考下面的代码来分配应用程序角色 1.获取访问令牌
private static async Task<string> GetAppTokenAsync(string graphResourceId, string tenantId, string clientId, string secretKey)
{
string aadInstance = "https://login.microsoftonline.com/" + tenantId + "/oauth2/token";
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
var result = await authenticationContext.AcquireTokenAsync(graphResourceId,
new ClientCredential(clientId, userId));
return result.AccessToken;
}
AppRole appRole = new AppRole
{
Id = Guid.NewGuid(),
IsEnabled = true,
Description = "Admins can manage roles and perform all actions.",
DisplayName = "Global Admin",
Value = "Admin"
};
User user = (User) activeDirectoryClient.Users.GetByObjectId("userobjectId").ExecuteAsync().Result;
AppRoleAssignment appRoleAssignment = new AppRoleAssignment
{
Id = appRole.Id,
ResourceId = Guid.Parse(newServicePrincpal.ObjectId),
PrincipalType = "User",
PrincipalId = Guid.Parse(user.ObjectId),
};
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
您可以参考下面的代码来分配应用程序角色 1.获取访问令牌
private static async Task<string> GetAppTokenAsync(string graphResourceId, string tenantId, string clientId, string secretKey)
{
string aadInstance = "https://login.microsoftonline.com/" + tenantId + "/oauth2/token";
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
var result = await authenticationContext.AcquireTokenAsync(graphResourceId,
new ClientCredential(clientId, userId));
return result.AccessToken;
}
AppRole appRole = new AppRole
{
Id = Guid.NewGuid(),
IsEnabled = true,
Description = "Admins can manage roles and perform all actions.",
DisplayName = "Global Admin",
Value = "Admin"
};
User user = (User) activeDirectoryClient.Users.GetByObjectId("userobjectId").ExecuteAsync().Result;
AppRoleAssignment appRoleAssignment = new AppRoleAssignment
{
Id = appRole.Id,
ResourceId = Guid.Parse(newServicePrincpal.ObjectId),
PrincipalType = "User",
PrincipalId = Guid.Parse(user.ObjectId),
};
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
最后,我能够使用azure Ad Graph API在azure上创建一个新角色 1) 创建一个角色:
Guid _id = Guid.NewGuid();
List<String> _AllowedMemberTypes = new List<string> {
"User"
};
AppRole appRole = new AppRole
{
AllowedMemberTypes = _AllowedMemberTypes,
Description = "Admins can manage roles and perform all actions.",
DisplayName = "Global Admin",
Id = _id,
IsEnabled = true,
Value = "Admin"
};
最后,我能够使用azure Ad Graph API在azure上创建一个新角色 1) 创建一个角色:
Guid _id = Guid.NewGuid();
List<String> _AllowedMemberTypes = new List<string> {
"User"
};
AppRole appRole = new AppRole
{
AllowedMemberTypes = _AllowedMemberTypes,
Description = "Admins can manage roles and perform all actions.",
DisplayName = "Global Admin",
Id = _id,
IsEnabled = true,
Value = "Admin"
};
@joey_cai ApprovalesignmentsMethod用于将已创建的角色分配给用户。但我想在azure应用程序中使用c#@joey#u中的azure AD Graph API创建一个新角色cai ApprovaliseSignments方法用于将已创建的角色分配给用户。但我想在azure应用程序中使用c中的azure AD Graph API创建一个新角色#