如何使用.Net Client SDK从Microsoft Graph获取我所属的管理员角色？

Question

I know how to get member directory roles filtering by type using the rest query below:

https://graph.microsoft.com/v1.0/me/memberOf/$/microsoft.graph.directoryRole

So the response from MS Graph api only contains directoryRole objects. Not sure how this can be done using the MS Graph .Net client SDK as we do not specify any OData keyword like Select or Filter in the actual Rest request.

Note that I do not want to call just memberOf and filter directoryRole type responses in memory on client side, I want this filter to be part of the query as in the URL above, so memberOf response contains only directoryRole s.

Answer 1

The Graph Net Client have not directly support your requirement.

But based on my test, we can try the following work around:

Use the following code to get the list with DirectoryRole and then filter by DisplayName, and then check the role template id (For the directoryRole from Me.MemberOf , if the DisplayName contains Administrator , basically, we are admin role. If use the DirectoryRoles api, we can iterate the list and check the role template id ):

// This will contains the group too, we need to filter it to get the directoryrole

    IUserMemberOfCollectionWithReferencesRequest builder = graphClient.Me.MemberOf.Request();
                    IUserMemberOfCollectionWithReferencesPage page = await builder.GetAsync();

    // This is all directoryrole in our tenant, we need to filter by DisplayName contains **Administrator**
                IGraphServiceDirectoryRolesCollectionRequest request = graphClient.DirectoryRoles.Request();
                IGraphServiceDirectoryRolesCollectionPage directoryRoles = await request.GetAsync();

Results of Me.MemberOf : Results of DirectoryRoles :

If the work around still cannot suit your requirement, I suggest you submit an feature request on uservoice and github issues

Supplementary answer: (Unfortunately the filtering is generally pretty limited in Microsoft Graph for directory resources. So you can just use the client side in-memory filter or submit feature request now)：

Theoretically, we can use the rest api like this( The specified filter to the reference property query is currently not supported. )

https://graph.microsoft.com/v1.0/me/memberOf/$/microsoft.graph.group?$filter=groupTypes/any(a:roleTemplateId eq  '62e90394-69f5-4237-9190-012177145e10')

And in the C# code which is based on the Graph Client

List<QueryOption> options = new List<QueryOption>
                {
                    new QueryOption("$filter", 
                      "groupTypes/any(a:roleTemplateId eq  '62e90394-69f5-4237-9190-012177145e10'")
                };   
IUserMemberOfCollectionWithReferencesRequest builder = graphClient.Me.MemberOf.Request(options); 

                    IGraphServiceDirectoryRolesCollectionRequest request = graphClient.DirectoryRoles.Request(options);

Answer 2

With the SDK, filtering is a function applied to the object. For example:

var users = await graphClient
    .Users
    .Request()
    .Filter("startswith(displayName,'A')")
    .GetAsync();

Unfortunately, this won't help you here since /memberOf doesn't support $filter . So you would need to do the filtering on the client.

If you're checking a specific directoryRole , you could come at this from the other direction. The /members endpoint does support filtering by member id :

v1.0/directoryRoles/{role-id}/members?$filter=id eq '{user-id}'

It is important to note here that /members does not support filtering by userPrincipalName , only by the actual id .