Problem description
I'm trying to figure out how to delete an AppRoleAssignment from either a Group or a User using the Graph API for Azure Active Directory. I'm using the .NET SDK (Microsoft.Azure.ActiveDirectory.GraphClient).
I've tried using the standard DeleteAsync method that's on every IEntityBase, but it fails with an error. It's issuing an HTTP request that looks like this:
    DELETE /{tenantId}/directoryObjects/{appRoleAssignment ObjectID}/Microsoft.DirectoryServices.AppRoleAssignment?api-version=1.5
which fails with a 400 Bad Request with the error "Direct queries to this resource type are not supported."
This isn't the correct way to delete AppRoleAssignments using the Graph API according to this Microsoft blog post which says you need to do an HTTP request that looks like:
    DELETE /{tenantId}/users/{user object ID}/appRoleAssignments/{appRoleAs}?api-version=1.5
If I do a manual HTTP request using HttpClient using that URL format, it works, but I want to know how to do this within the bounds of the .NET library rather than doing manual HTTP requests myself.
How do I delete AppRoleAssignments via the .NET library?
Recommended answer
While it is not fixed, you can make a manual HTTP request, but still using Azure AD SDK to acquire the token. Something like this:
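    using System;
    using System.Net.Http; // ReadAsAsync<T> comes from the Microsoft.AspNet.WebApi.Client package
    using System.Net.Http.Headers;
    using System.Text;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL: AuthenticationContext, ClientCredential
    using Newtonsoft.Json;

    // Wrapper class added so the snippet compiles; the name is arbitrary.
    public class GraphRoleAssignments {
        // Placeholders: fill in your own values and keep the app key out of source code.
        private const string tenantId = "<guid> tenant id";
        private const string appId = "<guid> your Azure app id";
        private const string appKey = "your app key";
        private const string authority = "i.e. https://login.windows.net/mycompany.onmicrosoft.com";
        private const string graphUrl = "https://graph.windows.net/";

        // Deletes one AppRoleAssignment from a user; roleObjectId is the assignment's object ID.
        public async Task RemoveRoleFromUser(Guid userId, string roleObjectId) {
            var uri = string.Format("{0}/users/{1}/appRoleAssignments/{2}?api-version=1.5", tenantId, userId, roleObjectId);
            await ExecuteRequest<object>(uri, HttpMethod.Delete);
        }

        // Sends an authenticated request to the Graph API and deserializes the response body.
        private async Task<T> ExecuteRequest<T>(string uri, HttpMethod method = null, Object body = null) where T : class {
            if (method == null) method = HttpMethod.Get;
            T response;
            var token = await AcquireTokenAsyncForApplication();
            using (var httpClient = new HttpClient { BaseAddress = getServicePointUri() }) {
                var request = new HttpRequestMessage(method, uri);
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
                if (body != null) {
                    request.Content = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json");
                }
                var responseMessage = await httpClient.SendAsync(request).ConfigureAwait(false);
                // Throws HttpRequestException on any non-2xx status.
                responseMessage.EnsureSuccessStatusCode();
                response = await responseMessage.Content.ReadAsAsync<T>();
            }
            return response;
        }

        // Acquires an app-only token for the Graph API using the client credentials.
        private async Task<string> AcquireTokenAsyncForApplication() {
            ClientCredential clientCred = new ClientCredential(appId, appKey);
            var authenticationContext = new AuthenticationContext(authority, false);
            // Use the async overload so the method actually awaits instead of blocking.
            AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(graphUrl, clientCred);
            return authenticationResult.AccessToken;
        }

        // Base address for requests: the Graph endpoint combined with the tenant ID.
        private Uri getServicePointUri() {
            Uri servicePointUri = new Uri(graphUrl);
            Uri serviceRoot = new Uri(servicePointUri, tenantId);
            return serviceRoot;
        }
    }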
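RemoveRoleFromUser above needs the object ID of the assignment to delete. As an added example (not part of the original answer), the code below picks those IDs out of a user's appRoleAssignments list response for one target service principal and builds the DELETE URIs in the answer's format. The class and method names and the sample JSON are constructed, and the response field names `value`, `objectId` and `resourceId` are assumptions about the Graph API 1.5 list response.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Newtonsoft.Json.Linq;

public static class AppRoleAssignmentLookup
{
    // Returns relative DELETE URIs (same shape as RemoveRoleFromUser) for every
    // assignment in the list response that targets the given service principal.
    // Assumption: entries sit under "value" and carry "objectId" and "resourceId".
    public static IList<string> BuildDeleteUris(
        string listJson, string tenantId, Guid userId, Guid resourceId)
    {
        var entries = JObject.Parse(listJson)["value"] as JArray ?? new JArray();
        return entries
            // Skip entries with a missing or malformed resourceId instead of throwing.
            .Where(e => Guid.TryParse((string)e["resourceId"], out var rid) && rid == resourceId)
            .Select(e => (string)e["objectId"])
            .Where(id => !string.IsNullOrEmpty(id))
            // The assignment object ID is an opaque string, so escape it for the path.
            .Select(id => string.Format(
                "{0}/users/{1}/appRoleAssignments/{2}?api-version=1.5",
                tenantId, userId, Uri.EscapeDataString(id)))
            .ToList();
    }

    public static void Main()
    {
        // Constructed sample response; every identifier here is made up.
        const string sample = @"{ ""value"": [
          { ""objectId"": ""AAAAexample-assignment-1"",
            ""resourceId"": ""11111111-1111-1111-1111-111111111111"" },
          { ""objectId"": ""BBBBexample_assignment_2"",
            ""resourceId"": ""22222222-2222-2222-2222-222222222222"" },
          { ""objectId"": ""CCCCexample-assignment-3"" }
        ] }";

        var uris = BuildDeleteUris(
            sample,
            "<tenant id>",
            Guid.Parse("33333333-3333-3333-3333-333333333333"),
            Guid.Parse("11111111-1111-1111-1111-111111111111"));

        // Only the first entry matches the target service principal.
        foreach (var uri in uris) Console.WriteLine(uri);
    }
}
```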