stackoom
  简体   繁体   中英

Granting permissions to Azure Active Directory Web Application automatically

 原文  2017-09-08 23:52:06       azure/ azure-active-directory/ azure-ad-graph-api

Question

Our company is developing a system that is based on Azure components and a client desktop application that connects to Azure. The Azure components are being deployed automatically by our setup code via the Azure API and Azure deployment automation. One of these components being deployed is a Web App / API that we register in the Azure Active Directory. Our deployment code creates this app in Azure via the Azure API and sets the "Required permissions" for this app in Azure. The required permissions are:

在此处输入图片说明

Once the application is set up with Azure we then have our client desktop application. In our client desktop application the user can log into the Azure and then we want to access the created application. So our client desktop application basically displays the Azure login box to log into Azure and then it tries to access the Web application in Azure, and we got this:

在此处输入图片说明

OK, so I can manually solve it: if I log into Azure as Admin and I manually grant the permissions by clicking the "Grant Permissions" button, the message shown above will not be shown anymore and everything will work smoothly. The "Grant Permissions" button I click is this:

在此处输入图片说明

But unfortunately we cannot go this way of granting the permissions manually, we need to find a way to do it programmatically - by C# code. This is our business requirement. So the existing C# code creates the application in Azure AD, sets the required permissions for it, and the missing part is a C# snippet that will automatically grant the permissions - so that the users don't see the warning message above. I've been looking into various online resources and haven't found a way to do it by C# code as yet - unfortunately. Is there a way to grant the permissions automatically? Any C# snippet? Azure API call? Powershell? Anything?

Regarding details of permissions that our application requests: For the Microsoft Graph we required those permissions as Application Permissions:

在此处输入图片说明

And those as Delegated Permissions:

在此处输入图片说明

For Windows Azure Active Directory the required permissions are:

在此处输入图片说明

1 answers

solution1
 0 ACCPTED  2017-09-17 07:47:39

The question has been answered above by @Saca and @Nan Yu. It can be closed now. The solution based on creating OAuth2PermissionGrant and AppRoleAssignment objects for the ServicePrincipal of an application being created is the right way to solve the problem, I have managed to solve the problem this way.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Roles & Permissions in Azure Active Directory for Application Use How to get permissions in Azure Active Directory Application? Granting permissions to Python file in Azure Web Services Azure Active Directory Login: Web App Permissions, User Consent not triggered Is there a way to add custom permissions for web app user in azure active directory Cannot revoke permissions granted to the application from Azure Active Directory What are “delegated permissions” in the context of an Azure Active directory Application? Azure Active Directory Object Permissions Azure Active directory API permissions Granting git fetch permissions (but not git push) on Azure Web Sites
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM