How to register an application in Azure AD for my tenants using CSP Global Admin credentials?
My goal is to create an application in Azure Active Directory for my tenants using CSP Global Admin Account using C#.
As it is working through PowerShell commands.
    # CSP Global admin credentials
    Login-AzureRmAccount
    # Select a tenant where I want to create application (enter your Customer Microsoft ID)
    Select-AzureRmSubscription -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    $password = ConvertTo-SecureString "SomePass@123" -AsPlainText -Force
    # Application created in the above mentioned tenant's account
    New-AzureRmADApplication -DisplayName "MyApp" -HomePage "http://MyApp" -IdentifierUris "http://MyApp" -Password $password
Please help me out doing the same in C#.
You can use the Microsoft Graph API beta version to create a new application on the Azure portal.
Note: One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
See the screenshot below.
Request format:
https://graph.microsoft.com/beta/applications
Update:
I have tried this way:
Request from Microsoft Graph Explorer
Set the request body like below:
{
    "displayName": "Your Application Name"
}
See the screenshot below.
Azure Portal:
After the successful response, I checked on the Azure portal.
Point to remember
If you try with Microsoft Graph Explorer, you must set the permission below.
See the screenshot below.
For more information you could check here.
Note: APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.
    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Net;
    using System.Text;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL
    using Newtonsoft.Json;

    class Program
    {
        // POSTs a JSON body with a bearer token and returns "<status> <response body>".
        public static string postRequest(string url, string access_token, string data)
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.Method = "POST";
            request.ContentType = "application/json";
            request.Headers.Add("Authorization", "Bearer " + access_token);
            //request.Headers.Add("other header", "it's value");
            byte[] buffer = Encoding.UTF8.GetBytes(data ?? "");
            request.ContentLength = buffer.Length;
            // Dispose the request stream so the body is flushed before reading the response.
            using (Stream requestStream = request.GetRequestStream())
            {
                requestStream.Write(buffer, 0, buffer.Length);
            }
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
            {
                return response.StatusCode + " " + reader.ReadToEnd();
            }
        }

        // Field names match the JSON property names expected in the request body.
        public class PasswordCredential
        {
            public string startDate;
            public string endDate;
            public string keyId;
            public string value;
        }

        public class AppConfiguration
        {
            public bool availableToOtherTenants;
            public string displayName;
            public string homepage;
            public List<string> identifierUris = new List<string>();
            public List<PasswordCredential> passwordCredentials = new List<PasswordCredential>();
        }

        static void Main(string[] args)
        {
            string tenantId = @"customer tenant id";
            string resource = @"https://graph.windows.net/";
            string clientId = @"1950a258-227b-4e31-a9cf-717495945fc2";
            string returnUri = @"urn:ietf:wg:oauth:2.0:oob";

            // Interactive sign-in against the customer tenant.
            var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId);
            var uri = new Uri(returnUri);
            var platformParams = new PlatformParameters(PromptBehavior.Always);
            var authResult = context.AcquireTokenAsync(resource, clientId, uri, platformParams).Result;
            var accessToken = authResult.AccessToken;

            // The customer tenant id is part of the request path.
            var url = "https://graph.windows.net/" + tenantId + "/applications?api-version=1.6";

            var passwordCredential = new PasswordCredential();
            // "HH" is the 24-hour clock; "hh" would produce 12-hour values and wrong timestamps after noon.
            passwordCredential.startDate = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ");
            passwordCredential.endDate = DateTime.UtcNow.AddYears(1).ToString("yyyy-MM-ddTHH:mm:ssZ");
            passwordCredential.keyId = Guid.NewGuid().ToString();
            passwordCredential.value = "TestPassword1.";

            var appConfiguration = new AppConfiguration();
            appConfiguration.availableToOtherTenants = false;
            appConfiguration.displayName = "MyApp";
            appConfiguration.homepage = "Https://MyApp";
            appConfiguration.identifierUris.Add("https://MyApp");
            appConfiguration.passwordCredentials.Add(passwordCredential);

            var body = JsonConvert.SerializeObject(appConfiguration);
            //Console.WriteLine(body);
            var result = postRequest(url, accessToken, body);
            Console.WriteLine(result);
            Console.ReadLine();
        }
    }
I quickly created a sample for you using ADAL, Newtonsoft.Json and HttpWebRequest. You can try with this code snippet first.
Update: It is not suggested to hardcode your username and password. If you enable MFA, you may not be able to get a token. If MFA is disabled, you can try with the following code snippet:
    // Replaces the interactive AcquireTokenAsync call in Main above.
    string userName = @"xxxx@xxxx.onmicrosoft.com";
    string passWord = @"password";
    var context = new AuthenticationContext("https://login.microsoftonline.com/tenant_id");
    var authResult = context.AcquireTokenAsync(
        resource,
        clientId,
        new UserPasswordCredential(userName, passWord)).Result;
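A variant of the request above that draws the application secret from the OS random number generator instead of hardcoding it, and formats the credential dates with a 24-hour clock. This is an added example, not code from the answers; the class name and the environment variable names CUSTOMER_TENANT_ID and GRAPH_ACCESS_TOKEN are assumptions, and the token is expected to have been acquired separately.

```csharp
using System;
using System.Globalization;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;
using Newtonsoft.Json;

static class CreateAppWithRandomSecret   // hypothetical name
{
    // 32 bytes from the OS CSPRNG, base64-encoded, instead of a fixed password.
    static string NewClientSecret()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    // UTC timestamp with "HH" (24-hour); T and Z are quoted literals.
    static string Iso(DateTime utc) =>
        utc.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture);

    static void Main()
    {
        // Assumed environment variables; nothing sensitive lives in source.
        string tenantId = Environment.GetEnvironmentVariable("CUSTOMER_TENANT_ID");
        string token = Environment.GetEnvironmentVariable("GRAPH_ACCESS_TOKEN");
        if (string.IsNullOrEmpty(tenantId) || string.IsNullOrEmpty(token))
            throw new InvalidOperationException("Set CUSTOMER_TENANT_ID and GRAPH_ACCESS_TOKEN.");
        string secret = NewClientSecret();
        DateTime now = DateTime.UtcNow;
        string body = JsonConvert.SerializeObject(new {
            availableToOtherTenants = false,
            displayName = "MyApp",
            homepage = "https://MyApp",
            identifierUris = new[] { "https://MyApp" },
            passwordCredentials = new[] { new {
                startDate = Iso(now), endDate = Iso(now.AddYears(1)),
                keyId = Guid.NewGuid().ToString(), value = secret } }
        });
        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
            string url = "https://graph.windows.net/" + tenantId + "/applications?api-version=1.6";
            var resp = http.PostAsync(url, new StringContent(body, Encoding.UTF8, "application/json")).Result;
            Console.WriteLine((int)resp.StatusCode + " " + resp.Content.ReadAsStringAsync().Result);
            // Shown once so it can be moved into a secret store.
            if (resp.IsSuccessStatusCode) Console.WriteLine("client secret: " + secret);
        }
    }
}
```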