
Create users in ASP.NET Core web app using Active Directory authentication

How can I create/edit users in an ASP.NET Core web app that uses OAuth or OpenID Connect for authentication?

All the documentation and examples I have found allow the users to sign up, e.g. active-directory-dotnet-webapp-openidconnect-aspnetcore.

The requirements I have are the ability to create/edit users and assign roles in our database AND then allow those users to log in to the web app using Azure AD.

If you are building an app which may include Azure AD user management, and want to create/edit users after the admin user logs in, you could first refer to the code sample below about how to call a web API in an ASP.NET Core web application using Azure AD:

https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore

Then you could use the Azure AD Graph API to create Azure AD users:

  1. First register the app in the Azure portal, set the redirect URL (https://localhost:44371/signin-oidc for example), add a key, and configure permissions for your application. To use the Azure AD Graph API, you need to choose Windows Azure Active Directory and set the delegated permission Read and write directory data (requires admin consent).

  2. In the controller action (HttpPost), you could use the code below to create a user:

      using System;
      using System.Net.Http;
      using System.Net.Http.Headers;
      using System.Threading.Tasks;
      using Microsoft.AspNetCore.Mvc;
      using Microsoft.IdentityModel.Clients.ActiveDirectory;
      using Newtonsoft.Json;

      [HttpPost]
      public async Task<IActionResult> Create()
      {
          AuthenticationResult result = null;
          try
          {
              // Object id of the signed-in admin; used as the key into the per-session token cache.
              string userObjectID = (User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value;
              AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID, HttpContext.Session));
              ClientCredential credential = new ClientCredential(Startup.ClientId, Startup.ClientSecret);
              // Get a Graph API token for the signed-in user from the cache, without prompting again.
              result = await authContext.AcquireTokenSilentAsync("https://graph.windows.net", credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

              // Sample user values; in a real action these come from the posted form model.
              var userData = new
              {
                  accountEnabled = true,
                  displayName = "nan yu",
                  mailNickname = "nanyu",
                  passwordProfile = new { password = "xxxxxx", forceChangePasswordNextLogin = false },
                  userPrincipalName = "nanyuTest54@testbasic1.onmicrosoft.com"
              };

              // JSON-encode the user, to POST to the Azure AD Graph API.
              HttpContent content = new StringContent(JsonConvert.SerializeObject(userData), System.Text.Encoding.UTF8, "application/json");

              // Add the Azure AD user.
              HttpClient client = new HttpClient();
              HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "https://graph.windows.net/myorganization/users?api-version=1.6");
              request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
              request.Content = content;
              HttpResponseMessage response = await client.SendAsync(request);

              // Return to the user list on success.
              if (response.IsSuccessStatusCode)
              {
                  return RedirectToAction("Index");
              }
              else
              {
                  // If the call failed with access denied, drop the current access token from the cache,
                  // and show the user an error indicating they might need to sign in again.
                  if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
                  {
                      authContext.TokenCache.Clear();
                      ViewBag.ErrorMessage = "AuthorizationRequired";
                  }
              }
          }
          catch (Exception ee)
          {
              // The user needs to re-authorize. Show them a message to that effect.
              ViewBag.ErrorMessage = "AuthorizationRequired";
          }
          return View();
      }

If I misunderstood your requirement, please feel free to let me know.
