使用图形 API 从 Azure AD 获取用户配置文件
[英]Get user profile from Azure AD using graph api
问题描述
I want to develop a timer job (C#), which will run at background without any logged in user, through which i need to fetch user profile (profile image and job title) from Azure AD using a graph api.
我想开发一个计时器作业 (C#),它将在没有任何登录用户的情况下在后台运行,我需要通过它使用图形 api 从 Azure AD 获取用户配置文件(配置文件图像和职位)。 I want to achieve this using delegated permissions (User.ReadBasic.All) as i'm not allowed to use application level permissions for User.Read.All.我想使用委托权限 (User.ReadBasic.All) 来实现这一点,因为我不允许对 User.Read.All 使用应用程序级别的权限。 So is there any way i can achieve this.那么有什么办法可以实现这一点。
1 个解决方案
解决方案1
0 2020-01-30 06:12:11
Yes, but the user will have to sign in to your app at least once to initiate the process.可以,但用户必须至少登录您的应用一次才能启动该过程。
The way you can do this:你可以这样做的方式:
- User signs in to your app (this can be a separate Web app for example)用户登录您的应用程序(例如,这可以是一个单独的 Web 应用程序)
- You store the refresh token received in a secure manner (per user, each user has their own token)您以安全的方式存储收到的刷新令牌(每个用户,每个用户都有自己的令牌)
- Your background process can take this refresh token, and exchange it for an access token + a new refresh token您的后台进程可以使用此刷新令牌,并将其交换为访问令牌 + 新的刷新令牌
- Store the new refresh token in the same secure storage将新的刷新令牌存储在同一个安全存储中
- Use the access token to do what you need to do使用访问令牌执行您需要执行的操作
This process will work in the background for as long as the refresh tokens work.只要刷新令牌工作,这个过程就会在后台工作。 But they can and do expire.但它们可以而且确实会过期。 You will need to be prepared for this as to make it work again for that user, they will have to repeat step 1 again.您需要为此做好准备,以使其再次为该用户工作,他们将不得不再次重复步骤 1。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.