問題描述
我正在嘗試使用圖形 API 在 Azure AD 中注冊應用程序,我有一個方法 CallRestAPI 將發出請求.下面是代碼
I am trying to register an application in Azure AD using graph API, I have a method CallRestAPI which will make the request.
Below is the code
public async Task<Response> AzureADApp()
{
Response responseMessage = new Response();
try
{
var token = GenerateToken();
List<(string, string)> listHeaders = new List<(string, string)>();
listHeaders.Add(("Authorization", string.Concat("Bearer" + " " + token)));
listHeaders.Add(("Content-Type", "application/json"));
List<(string, string)> param = new List<(string, string)>();
param.Add(("displayName", "VS1Application123"));
param.Add(("homepage", "https://localhost:44358/"));
param.Add(("identifierUris", "https://G7CRM4L/6958490c-21ae-4885-804c-f03b3add87ad"));
string callUrl = "https://graph.windows.net/G7CRM4L/applications/?api-version=1.6";
var result = CallRestAPI(callUrl, "", Method.POST, listHeaders, param);
}
catch (Exception ex)
{
responseMessage.StatusCode = Convert.ToInt16(HttpStatusCode.InternalServerError);
}
return responseMessage;
}
public async Task<IRestResponse> CallRestAPI(string BaseAddress, string SubAddress, Method method, List<(string, string)> headersList = null, List<(string, string)> paramsList = null)
{
var call = new RestClient(BaseAddress + SubAddress);
var request = new RestRequest(method);
if (headersList != null)
{
foreach (var header in headersList)
{
request.AddHeader(header.Item1, header.Item2);
}
}
if (paramsList != null)
{
foreach (var param in paramsList)
{
request.AddParameter(param.Item1, param.Item2);
}
}
var response = call.ExecuteTaskAsync(request);
return response.Result;
}
我認為我在正文中發送參數的方式不正確,任何人都可以指導我如何使這段代碼工作,或者有更好的方法來實現同樣的效果嗎?謝謝你.
I think the way I am sending parameters in the body is not correct can anyone guide me how to make this code work or is there a better way to achieve the same? Thank you.
推薦答案
實現相同的更好方法,即使用 Azure AD 注冊應用程序將使用 Azure AD Graph 客戶端庫
A better way to achieve the same i.e. register an app with Azure AD will be to make use of Azure AD Graph Client Library
我說這是一種更好的方法,因為當您使用客戶端庫時,您可以獲得多種好處,例如無需處理原始 HTTP 請求、編寫更方便和聲明性的 C# 代碼,這取決于經過良好測試的庫、異步支持等.
I say it's a better approach because when you use the client library you reap multiple benefits like no raw HTTP request handling, writing more convenient and declarative C# code, depending on a well tested library, async support etc.
我想使用的底層 Graph API 仍然是一樣的
Underlying Graph API used will still be the same I suppose
POST https://graph.windows.net/{tenant-id}/applications?api-version=1.6
這里是創建 Azure AD 應用程序的示例代碼 (C#)
Here is sample code (C#) to create an Azure AD application
請注意,我將 app.PublicClient 標志保留為 true 以注冊為本機應用程序.如果要將其注冊為 Web 應用程序,可以將其設置為 false.
Notice that I've kept app.PublicClient flag as true to register as a native application. You can set it to false if you want to register it as a web application.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
namespace CreateAzureADApplication
{
class Program
{
static void Main(string[] args)
{
ActiveDirectoryClient directoryClient;
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(new Uri("https://graph.windows.net/{yourAADGUID}"),
async () => await GetTokenForApplication());
Application app = new Application();
app.DisplayName = "My Azure AD Native App";
app.PublicClient = true;
app.Homepage = "https://myazureadnativeapp";
activeDirectoryClient.Applications.AddApplicationAsync(app).GetAwaiter().GetResult();
}
public static async Task<string> GetTokenForApplication()
{
AuthenticationContext authenticationContext = new AuthenticationContext(
"https://login.microsoftonline.com/{yourAADGUID}",
false);
// Configuration for OAuth client credentials
ClientCredential clientCred = new ClientCredential("yourappclientId",
"yourappclientsecret"
);
AuthenticationResult authenticationResult =
await authenticationContext.AcquireTokenAsync("https://graph.windows.net", clientCred);
return authenticationResult.AccessToken;
}
}
}
設置:我在 Azure AD 中注冊了一個應用程序,該應用程序具有應用程序權限所需的權限 - 讀取和寫入所有應用程序并為此應用程序授予權限.現在使用此應用程序的客戶端 ID 和客戶端密碼,獲取令牌并調用 Azure AD Graph API 來創建應用程序.使用應用程序權限不是強制性的,您也可以通過提示用戶輸入憑據來使用委派權限.查看更詳細示例的鏈接(舊示例但仍然有用).
Setup: I have an application registered in Azure AD, which has required permissions as application permission - Read and Write all applications and grant permissions is done for this app. Now using this application's client id and client secret, a token is acquired and Azure AD Graph API is called to create an application. It is not mandatory to use application permissions, you can also use delegated permissions by prompting user for credentials. See links to more detailed examples (old ones but still useful).
使用 Graph 客戶端庫的控制臺應用程序
Web 應用使用 Graph 客戶端庫調用 Graph
Azure AD Graph 客戶端庫 2.0 公告頁面
附帶說明,您可以使用較新的 Microsoft Graph API 也一樣,
On a side note, you could do this using the newer Microsoft Graph API as well,
POST https://graph.microsoft.com/beta/applications
但創建應用程序的能力仍處于測試階段,因此不推薦用于生產工作負載.因此,即使 Microsoft Graph API 會被推薦用于大多數場景,至少對于這個場景,使用 Azure AD Graph API 是當前的方式.
but the ability to create applications is still in beta and hence not recommeded for production workloads. So even though Microsoft Graph API would be recommende for most scenarios, at least for this one, using Azure AD Graph API is the way to go currently.
我在類似的 在這里發帖.
這篇關于使用圖形 api 以編程方式在 azure 活動目錄中注冊應用程序的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!