从 Microsoft Graph 获取所有用户
[英]Get all users from Microsoft Graph
问题描述
I have an ASP.NET MVC application that is registered in Azure Active Directory.
我有一个在 Azure Active Directory 中注册的 ASP.NET MVC 应用程序。 I am adding a new feature to the app which will require a list of all users from AAD.我正在向应用程序添加一项新功能,该功能需要 AAD 中所有用户的列表。 By putting together some code snippets I got from various MSDN docs, this is what my method to get the users looks like so far:通过汇总我从各种 MSDN 文档中获得的一些代码片段,这就是我目前获取用户的方法:
public async Task GetUsers()
{
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenant)
.WithClientSecret(clientSecret)
.Build();
ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var users = await graphClient.Users.Request().GetAsync();
}
However, when I run the application, I get Original exception: AADSTS7000215: Invalid client secret is provided.但是,当我运行应用程序时,我得到原始异常:AADSTS7000215:提供了无效的客户端密码。 I double checked to make sure that the client secret that I added to web.config matches what's shown in AAD, and that the client secret hasn't expired.我再次检查以确保我添加到 web.config 的客户端密码与 AAD 中显示的内容匹配,并且客户端密码尚未过期。 I even deleted the client secret and created a new one, but that didn't fix the problem either.我什至删除了客户端密码并创建了一个新密码,但这也没有解决问题。 I also ensured that the permission User.Read.All of type Application has been granted for this app.我还确保已为此应用授予了 User.Read.All 类型的 Application 权限。 What could be causing this error, and what could be done to resolve it?什么可能导致此错误,以及可以采取什么措施来解决它? Also, I'm wondering if there's a simpler way to get a list of users given that I already have authentication set up for this app using Owin.IAppBuilder.另外,我想知道是否有更简单的方法来获取用户列表,因为我已经使用 Owin.IAppBuilder 为这个应用程序设置了身份验证。 Here's what I have in my Startup.cs file:这是我的 Startup.cs 文件中的内容:
public class Startup
{
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string postLogoutRedirectUri = ConfigurationManager.AppSettings["ida:PostLogoutRedirectUri"];
string authority = string.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
public void ConfigureAuth(IAppBuilder app)
{
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseOpenIdConnectAuthentication(
new OpenIdConnectAuthenticationOptions()
{
ClientId = clientId,
Authority = authority,
PostLogoutRedirectUri = postLogoutRedirectUri,
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthenticationFailed = ctx => {
ctx.HandleResponse();
ctx.Response.Redirect("/Error/messages" + ctx.Exception.Message);
return Task.FromResult(0);
}
} });
}
}
1 个解决方案
解决方案1
0 已采纳 2020-07-08 20:43:59
It works for me this way (using WithAuthority), I did not need any additional scopes:它以这种方式对我有用(使用 WithAuthority),我不需要任何额外的范围:
string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
string tenantId = ConfigurationManager.AppSettings["ida:TenantId"];
string clientSecret = ConfigurationManager.AppSettings["ida:ClientSecret"];
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority(new Uri($"{aadInstance}{tenantId}/"))
.WithClientSecret(clientSecret)
.Build();
and then...接着...
return await graphClient.Users
.Request()
.GetAsync();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.