如何以编程方式为 Azure AD 应用程序分配权限
[英]How to programmatically assign permissions to Azure AD app
问题描述
I need to programmatically create an app in Azure AD and programmatically assign it permissions for Graph APIs.
我需要以编程方式在 Azure AD 中创建一个应用程序,并以编程方式为其分配图形 API 的权限。 Somehow I am unable to find any good info on this.不知何故,我无法找到任何关于此的好信息。 Please let me know if there is any good example of this.请让我知道是否有任何很好的例子。
I am able to create a basic app but not sure how to assign permissions to it.我能够创建一个基本的应用程序,但不确定如何为其分配权限。
I have a few basic queries:我有几个基本的疑问:
- Can we create an app and assign permissions at the same time?我们可以同时创建应用程序和分配权限吗? Or we need to first create app and then assign permissions?或者我们需要先创建应用程序然后分配权限?
- How can I get a repository of all the possible permissions?如何获得所有可能权限的存储库? Is there any way I can get a readable form of permissions and also its GUID representation?有什么方法可以获得可读的权限形式及其 GUID 表示吗?
Any C# example of this would be much appreciated.任何这样的 C# 示例都将不胜感激。
3 个解决方案
解决方案1
1 已采纳 2020-08-27 13:43:36
PFB answer to your queries : PFB 回答您的疑问:
Can we create an app and assign permissions at the same time?我们可以同时创建应用程序和分配权限吗? Or we need to first create app and then assign permissions?或者我们需要先创建应用程序然后分配权限? --> Yes you can create an app and assign permissions are the same time. --> 是的,您可以同时创建应用程序并分配权限。
How can I get a repository of all the possible permissions?如何获得所有可能权限的存储库? Is there any way I can get a readable form of permissions and also its GUID representation?有什么方法可以获得可读的权限形式及其 GUID 表示吗? --> Here is the link for all the possible permissions : https://docs.microsoft.com/en-us/graph/permissions-reference You can use Microsoft Graph explorer to execute queries and get the GUID representation. --> 这是所有可能权限的链接: https : //docs.microsoft.com/en-us/graph/permissions-reference您可以使用Microsoft Graph 资源管理器来执行查询并获取 GUID 表示。 Here is the link : https://developer.microsoft.com/en-us/graph/graph-explorer这是链接: https : //developer.microsoft.com/en-us/graph/graph-explorer
解决方案2
1 2020-08-28 05:50:57
You must first register an application in the Azure portal (or you must have an application first), and then grant the application permission or delegate permission to call MS graph api to create other applications, here is a detailed explanation Description.必须先在Azure门户中注册一个应用程序(或者你必须先有一个应用程序),然后授予应用程序权限或委托权限来调用MS图形api来创建其他应用程序, 这里有详细的解释说明。
Next, you can create other applications based on this application using C# code + MS graph api , and grant permissions to other applications (this is a separate operation, of course, you can also create an application and assign permissions at the same time).接下来就可以使用C#代码+MS图api在这个应用程序的基础上创建其他应用程序,并给其他应用程序授予权限(这是一个单独的操作,当然你也可以创建一个应用程序并同时分配权限)。
解决方案3
0 2020-08-27 12:16:14
At first you have to register your application in the Azure Active Directory.首先,您必须在 Azure Active Directory 中注册您的应用程序。 Go to Azure Portal and navigate to the Azure AD -> App Registrations and create a new App.转到Azure 门户并导航到 Azure AD -> 应用注册并创建一个新应用。
In the Apps administration view, go to API-Permissions and click on "Add a permission".在应用程序管理视图中,转到 API 权限并单击“添加权限”。 Now you can see all the available permissions you can grant to you application.现在,您可以看到可以授予应用程序的所有可用权限。
For some permissions (indicated by an orange warning sign) you have to grant admin consent afterwards.对于某些权限(由橙色警告标志表示),您必须在事后授予管理员同意。
After you have done those steps and you configured the redirect URLs (also in the Azure portal), you can access the data you have permissions from your application.完成这些步骤并配置重定向 URL(也在 Azure 门户中)后,您可以从应用程序访问您拥有权限的数据。
Note: You will also have to implement an authorization flow to make use of Microsoft Graph.注意:您还必须实施授权流程才能使用 Microsoft Graph。 You can find additional information here Microsoft Graph Authentication您可以在此处找到更多信息Microsoft Graph 身份验证
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.