問題描述
我正在嘗試使用 Azure Active Directory Graph API(帶有 Azure GraphClient nuget 包)在 Azure AD 中創建一個新應用程序.
I'm trying to use the Azure Active Directory Graph API (with the Azure GraphClient nuget package) to create a new application in Azure AD.
我已經使用現有的 AAD 應用程序進行了身份驗證,因此我對目錄具有寫入權限.
I've authenticated using an existing AAD application, so I have write access to the directory.
但是,當創建新的應用程序對象時,Azure Graph API 會返回此錯誤:
However, when creating the new application object the Azure Graph API returns this error:
{"odata.error": {
"code":"Request_BadRequest",
"message": {
"lang":"en",
"value":"Property value cannot have duplicate id or claim values."
},
"values":
[{
"item":"PropertyName",
"value":"None"
},
{
"item":"PropertyErrorCode",
"value":"DuplicateValue"
}
]
}
}
它沒有說明哪個屬性具有重復的 id 或聲明值 - 錯誤消息中有兩個空格,就好像名稱丟失一樣.
It doesn't say which property has a duplicate id or claim value - there are two spaces in the error message as if the name is missing.
創建應用程序對象的代碼是這樣的:
The code which creates the Application object is this:
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
{
AvailableToOtherTenants = false,
DisplayName = appname,
ErrorUrl = null,
GroupMembershipClaims = null,
Homepage = "http://www.domain.com",
IdentifierUris = new List<string>() {{"https://domain.com/"+ appname } },
KeyCredentials = new List<KeyCredential>(),
KnownClientApplications = new List<Guid>(),
LogoutUrl = null,
Oauth2AllowImplicitFlow = false,
Oauth2AllowUrlPathMatching = false,
Oauth2Permissions = new List<OAuth2Permission>()
{
{
new OAuth2Permission()
{
AdminConsentDescription =
$"Allow the application to access {appname} on behalf of the signed-in user.",
AdminConsentDisplayName = $"Access {appname}",
Id = Guid.NewGuid(),
IsEnabled = true,
Type = "User",
UserConsentDescription =
$"Allow the application to access {appname} on your behalf.",
UserConsentDisplayName = $"Access {appname}",
Value = "user_impersonation"
}
}
},
Oauth2RequirePostResponse = false,
PasswordCredentials = new List<PasswordCredential>(),
PublicClient = false,
ReplyUrls = new List<string>(),
RequiredResourceAccess = new List<RequiredResourceAccess>(),
SamlMetadataUrl = null,
ExtensionProperties = new List<ExtensionProperty>(),
Manager = null,
ObjectType = "Application",
DeletionTimestamp = null,
CreatedOnBehalfOf = null,
CreatedObjects = new List<DirectoryObject>(),
DirectReports = new List<DirectoryObject>(),
Members = new List<DirectoryObject>(),
MemberOf = new List<DirectoryObject>(),
Owners = new List<DirectoryObject>(),
OwnedObjects = new List<DirectoryObject>()
};
await client.Applications.AddApplicationAsync(application);
我錯過了房產嗎?似乎沒有任何非唯一屬性,并且應用程序是使用唯一名稱創建的.
Am I missing a property? There doesn't seem to be any non-unique properties, and the application is created with a unique name.
推薦答案
錯誤信息確實很混亂,但問題是你試圖定義一個scope值(user_impersonation) 已經定義了.
The error message is indeed very confusing, but the problem is that you are trying to define a scope value (user_impersonation) that is already defined.
如果你運行這段代碼,你會發現應用程序在你的目錄中創建成功:
If you run this code, you'll find that the application is created successfully in your directory:
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
{
AvailableToOtherTenants = false,
DisplayName = appname,
ErrorUrl = null,
GroupMembershipClaims = null,
Homepage = "http://www.domain.com",
IdentifierUris = new List<string>() {{"https://domain.com/"+ "Test" } },// CHANGED LINE
KeyCredentials = new List<KeyCredential>(),
KnownClientApplications = new List<Guid>(),
LogoutUrl = null,
Oauth2AllowImplicitFlow = false,
Oauth2AllowUrlPathMatching = false,
Oauth2Permissions = new List<OAuth2Permission>()
{
{
new OAuth2Permission()
{
AdminConsentDescription =
$"Allow the application to access {appname} on behalf of the signed-in user.",
AdminConsentDisplayName = $"Access {appname}",
Id = Guid.NewGuid(),
IsEnabled = true,
Type = "User",
UserConsentDescription =
$"Allow the application to access {appname} on your behalf.",
UserConsentDisplayName = $"Access {appname}",
Value = "custom_scope" // CHANGED LINE
}
}
},
Oauth2RequirePostResponse = false,
PasswordCredentials = new List<PasswordCredential>(),
PublicClient = false,
ReplyUrls = new List<string>(),
RequiredResourceAccess = new List<RequiredResourceAccess>(),
SamlMetadataUrl = null,
ExtensionProperties = new List<ExtensionProperty>(),
Manager = null,
ObjectType = "Application",
DeletionTimestamp = null,
CreatedOnBehalfOf = null,
CreatedObjects = new List<DirectoryObject>(),
DirectReports = new List<DirectoryObject>(),
Members = new List<DirectoryObject>(),
MemberOf = new List<DirectoryObject>(),
Owners = new List<DirectoryObject>(),
OwnedObjects = new List<DirectoryObject>()
};
await client.Applications.AddApplicationAsync(application);
另外,您的 IdentifierUris 不能包含空格,因此我已將其更改為硬編碼字符串.
Also, your IdentifierUris cannot contain spaces, so I've changed it to a hardcoded string.
HTH
這篇關于使用圖形 API 在 Azure Active Directory 中創建應用程序失敗的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!