How to register an application in Azure AD for my tenants using CSP Global Admin credentials?

My goal is to create an application in Azure Active Directory for my tenants using a CSP Global Admin account, in C#.

It is working through PowerShell commands:

    # Sign in with the CSP Global Admin credentials
    Login-AzureRmAccount
    # Select the tenant in which to create the application (enter your customer Microsoft ID)
    Select-AzureRmSubscription -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    $password = ConvertTo-SecureString "SomePass@123" -AsPlainText -Force
    # Creates the application in the tenant selected above
    New-AzureRmADApplication -DisplayName "MyApp" -HomePage "http://MyApp" -IdentifierUris "http://MyApp" -Password $password


Please help me out doing the same in C#.

You can use the Microsoft Graph API beta version to create a new application on the Azure portal.

Note: One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions. See the screenshot below.

Request Format

https://graph.microsoft.com/beta/applications

Update:

I have tried this way:

Request from Microsoft Graph Explorer

Set the request body like below:

{
  "displayName": "Your Application Name"
}

See the screenshot below.

Azure Portal:

After a successful response, I have checked on the Azure portal.

Point to remember

If you try with Microsoft Graph Explorer, you must set the permission below.

See the screenshot below.

For more information you could check here.

Note: APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.
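The Graph Explorer request described in the answer above, issued from C# instead. This is an added example, not code from the original answer; it assumes a Graph access token for the customer tenant, carrying the permission the answer refers to, is supplied in a hypothetical `GRAPH_ACCESS_TOKEN` environment variable, and the class name is also made up for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

class CreateAppViaGraph
{
    // Endpoint given in the answer above (beta, so subject to change).
    const string ApplicationsUrl = "https://graph.microsoft.com/beta/applications";

    static async Task<int> Main()
    {
        // Assumption: the caller already holds a Graph access token for the
        // customer tenant; GRAPH_ACCESS_TOKEN is a hypothetical variable name.
        string token = Environment.GetEnvironmentVariable("GRAPH_ACCESS_TOKEN");
        if (string.IsNullOrWhiteSpace(token))
        {
            Console.Error.WriteLine("GRAPH_ACCESS_TOKEN is not set.");
            return 1;
        }

        // Same request body as in the answer.
        string body = JsonConvert.SerializeObject(new { displayName = "Your Application Name" });

        using (var http = new HttpClient())
        using (var request = new HttpRequestMessage(HttpMethod.Post, ApplicationsUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            request.Content = new StringContent(body, Encoding.UTF8, "application/json");
            using (HttpResponseMessage response = await http.SendAsync(request))
            {
                string payload = await response.Content.ReadAsStringAsync();
                if (!response.IsSuccessStatusCode)
                {
                    // Graph returns a JSON error object; print it, never the token.
                    Console.Error.WriteLine((int)response.StatusCode + " " + payload);
                    return 2;
                }
                JObject app = JObject.Parse(payload);
                Console.WriteLine("Created " + app["displayName"] + ", appId=" + app["appId"]);
                return 0;
            }
        }
    }
}
```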

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Net;
    using System.Text;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL
    using Newtonsoft.Json;

    class Program
    {
        // POSTs a JSON body with a bearer token and returns "<status> <response body>".
        // GetResponse() throws WebException for 4xx/5xx responses.
        public static string postRequest(string url, string access_token, string data)
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.Method = "POST";
            request.ContentType = "application/json";
            request.Headers.Add("Authorization", "Bearer " + access_token);
            //request.Headers.Add("other header", "it's value");
            byte[] buffer = Encoding.UTF8.GetBytes(data ?? "");
            request.ContentLength = buffer.Length;
            // Dispose the request stream so the body is flushed before the response is read.
            using (Stream requestStream = request.GetRequestStream())
            {
                requestStream.Write(buffer, 0, buffer.Length);
            }
            using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
            using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
            {
                return response.StatusCode + " " + reader.ReadToEnd();
            }
        }

        // Shape of one entry in the application's passwordCredentials array.
        public class PasswordCredential
        {
            public string startDate;
            public string endDate;
            public string keyId;
            public string value;
        }

        // Request body for creating an application.
        public class AppConfiguration
        {
            public bool availableToOtherTenants;
            public string displayName;
            public string homepage;
            public List<string> identifierUris = new List<string>();
            public List<PasswordCredential> passwordCredentials = new List<PasswordCredential>();
        }

        static void Main(string[] args)
        {
            string tenantId = @"customer tenant id";
            string resource = @"https://graph.windows.net/";
            // Client ID of the Microsoft Azure PowerShell application
            string clientId = @"1950a258-227b-4e31-a9cf-717495945fc2";
            string returnUri = @"urn:ietf:wg:oauth:2.0:oob";

            // Authenticate against the customer tenant, not the partner tenant.
            var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId);

            var uri = new Uri(returnUri);
            // PromptBehavior.Always shows the interactive sign-in window.
            var platformParams = new PlatformParameters(PromptBehavior.Always);
            var authResult = context.AcquireTokenAsync(resource, clientId, uri, platformParams).Result;
            var accessToken = authResult.AccessToken;

            var url = "https://graph.windows.net/" + tenantId + "/applications?api-version=1.6";

            var passwordCredential = new PasswordCredential();
            // "HH" is the 24-hour clock; "hh" would give wrong UTC timestamps after noon.
            passwordCredential.startDate = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ");
            passwordCredential.endDate = DateTime.UtcNow.AddYears(1).ToString("yyyy-MM-ddTHH:mm:ssZ");
            passwordCredential.keyId = Guid.NewGuid().ToString();
            passwordCredential.value = "TestPassword1."; // sample value; replace it

            var appConfiguration = new AppConfiguration();
            appConfiguration.availableToOtherTenants = false;
            appConfiguration.displayName = "MyApp";
            appConfiguration.homepage = "Https://MyApp";
            appConfiguration.identifierUris.Add("https://MyApp");
            appConfiguration.passwordCredentials.Add(passwordCredential);

            var body = JsonConvert.SerializeObject(appConfiguration);
            //Console.WriteLine(body);

            var result = postRequest(url, accessToken, body);
            Console.WriteLine(result);

            Console.ReadLine();
        }
    }

I quickly created a sample for you using ADAL, Newtonsoft.Json and HttpWebRequest. You can try with this code snippet first.

Update: It is not suggested to hardcode your username and password. If you enable MFA, you may not be able to get a token. If MFA is disabled, you can try with the following code snippet:

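    // Placeholders: substitute your own values. resource and clientId are the
    // same values as in the sample above.
    string userName = @"xxxx@xxxx.onmicrosoft.com";
    string passWord = @"password";

    var context = new AuthenticationContext("https://login.microsoftonline.com/tenant_id");

    // Username/password flow: no interactive prompt, so it cannot satisfy MFA.
    var authResult = context.AcquireTokenAsync(
          resource,
          clientId,
          new UserPasswordCredential(userName, passWord)).Result;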
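The sample above puts a fixed string in `passwordCredentials`. One way to build that entry with a random secret and an explicit lifetime is shown below; this is an added example, not part of the original answer, and the `CredentialFactory` name, the 32-byte secret length and the 90-day lifetime are assumptions made for illustration.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;

class PasswordCredential
{
    public string startDate;
    public string endDate;
    public string keyId;
    public string value;
}

static class CredentialFactory
{
    // 24-hour clock ("HH") plus the invariant culture keeps the ':' separators
    // and digits stable whatever the machine's regional settings are.
    const string UtcFormat = "yyyy-MM-ddTHH:mm:ssZ";

    public static PasswordCredential Create(TimeSpan lifetime)
    {
        // 32 bytes from the OS CSPRNG, Base64-encoded, instead of a fixed string.
        var secret = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(secret);
        }
        DateTime now = DateTime.UtcNow;
        return new PasswordCredential
        {
            startDate = now.ToString(UtcFormat, CultureInfo.InvariantCulture),
            endDate = now.Add(lifetime).ToString(UtcFormat, CultureInfo.InvariantCulture),
            keyId = Guid.NewGuid().ToString(),
            value = Convert.ToBase64String(secret)
        };
    }

    static void Main()
    {
        // Assumption: a 90-day lifetime; use what your rotation policy allows.
        PasswordCredential cred = Create(TimeSpan.FromDays(90));
        // Add cred to AppConfiguration.passwordCredentials before serializing.
        // Only metadata is printed here; the secret itself goes to a secret store.
        Console.WriteLine("keyId=" + cred.keyId);
        Console.WriteLine("valid " + cred.startDate + " to " + cred.endDate);
        Console.WriteLine("secret length=" + cred.value.Length + " characters");
    }
}
```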
