如何检查azure活动目录用户是否已处于批准状态
[英]How to check if an azure active directory user is already in an approle
问题描述
I've created an Azure active directory user and added the user to app roles. 
我创建了一个Azure活动目录用户,并将用户添加到了app角色。 Now i am retrieving this user and attempting to add it to more app roles. 现在我正在检索此用户并尝试将其添加到更多应用程序角色。
var activeDirectoryUser = client.Users.Where(u => u.UserPrincipalName == user.UserName).ExecuteSingleAsync().Result as User;
As a precaution i want to first check if the user is already in an app role before adding however the problem is that the ApproleAssignments field on the User object is always empty. 作为预防措施,我想在添加之前首先检查用户是否已经处于app角色,但问题是User对象上的ApproleAssignments字段始终为空。 Even thou the user has app role assignments and i get an error if i try and add the user to the same app role. 即使您用户具有应用程序角色分配,如果我尝试将用户添加到相同的应用程序角色,我也会收到错误。
Creating new app role assignment. 创建新的应用角色分配。
var appRoleAssignment = new AppRoleAssignment
{
Id = appRole.Id,
ResourceId = Guid.Parse(servicePrincpal.ObjectId),
PrincipalType = "User",
PrincipalId = Guid.Parse(user.ObjectId)
};
if(IsUserInAppRole(user,appRoleAssignment))return;
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
Checking if user is in app role. 检查用户是否处于app角色。
private bool IsUserInAppRole(User user, AppRoleAssignment appRoleAssignment)
{
var userInApprole = user.AppRoleAssignments.Where(ara => ara.ObjectId == appRoleAssignment.Id.ToString());
return userInApprole.Any();
}
I'm using the latest version of Microsoft.Azure.ActiveDirectory.GraphClient library 我正在使用最新版本的Microsoft.Azure.ActiveDirectory.GraphClient库
2 个解决方案
解决方案1
3 已采纳 2015-02-14 22:45:24
Sorry for the late response. 回复晚了非常抱歉。 The following code worked for me. 以下代码对我有用。 Not sure if you need to use the IUserFetcher interface, but your LINQ query fails because you are comparing the objectID of the assignment, with the appRole Id. 不确定是否需要使用IUserFetcher接口,但LINQ查询失败,因为您正在将赋值的objectID与appRole Id进行比较。 What you need to compare is the ID of the assignment. 您需要比较的是作业的ID。
var userFetcher = user as IUserFetcher;
IPagedCollection<IAppRoleAssignment> rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();
IAppRoleAssignment a = null;
a = assignments.Where(ara => ara.Id.Equals(appRole.Id)).First();
if (a != null) {
Console.WriteLine("Found assignment {0} for user {1}", appRole.Id, user.DisplayName);
}
Hope this helps... 希望这可以帮助...
解决方案2
2 2015-04-24 14:04:55
var userFetcher = user as IUserFetcher;
IPagedCollection rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();
Above lines of code is causing exception due to casting not done, if cast it as: 上面的代码行导致异常,因为未执行转换,如果将其转换为:
IPagedCollection rawObjects =
(IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments =
(IList<IAppRoleAssignment>)rawObjects.CurrentPage.ToList();
Code get compiled successfully but gives runtime exception as: 代码编译成功,但运行时异常如下:
Cannot implicitly convert type 'System.Collections.Generic.List' to 'System.Collections.Generic.IList'.
Could you please guide how to use those two statements? 你能指导一下如何使用这两个陈述吗?
Update: 更新:
private static bool IsUserInRole(User user, AppRole appRole, bool roleAlreadyAssigned = false)
{
var userFetcher = user as IUserFetcher;
IPagedCollection rawObjects = (IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;
foreach (IAppRoleAssignment item in rawObjects.CurrentPage)
{
if (item.Id == appRole.Id)
{
roleAlreadyAssigned = true; break;
}
}
return roleAlreadyAssigned;
}
The above code worked for me. 上面的代码对我有用。 Try this, hope this will help :) 试试这个,希望这会有所帮助:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.