Add role to already created application using Azure AD Graph API in C#
Question
How to add roles in application that is already created on azure ad using Azure AD Graph API in c#.
I create role like this in c#:
Guid _id = new Guid();
AppRole appRole = new AppRole
{
AllowedMemberTypes = _AllowedMemberTypes,
Description = "Admins can manage roles and perform all actions.",
DisplayName = "Global Admin",
Id = _id,
IsEnabled = true,
Value = "Admin"
};
What call will be used to add this new role in application using Azure AD Graph API.
2 answers
solution1
2 ACCPTED 2018-11-26 06:44:35
Finally i was able to create a new role on azure using Azure Ad Graph API
1) Create a Role:
Guid _id = Guid.NewGuid();
List<String> _AllowedMemberTypes = new List<string> {
"User"
};
AppRole appRole = new AppRole
{
AllowedMemberTypes = _AllowedMemberTypes,
Description = "Admins can manage roles and perform all actions.",
DisplayName = "Global Admin",
Id = _id,
IsEnabled = true,
Value = "Admin"
};
2) Get Application in which role needed to be created:
IPagedCollection<IApplication> pagedCollection = await activeDirectoryClient.Applications.Where(x => x.AppId == AppclientId).ExecuteAsync();
var appObject = pagedCollection.CurrentPage.ToList().FirstOrDefault();
3) Add Role to Applicationa and Update Application:
appObject.AppRoles.Add(appRole as AppRole);
await appObject.UpdateAsync();
solution2
0 2018-11-23 10:02:03
You could refer to the code as below to assign application role.
1.get access token
private static async Task<string> GetAppTokenAsync(string graphResourceId, string tenantId, string clientId, string secretKey)
{
string aadInstance = "https://login.microsoftonline.com/" + tenantId + "/oauth2/token";
AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
var result = await authenticationContext.AcquireTokenAsync(graphResourceId,
new ClientCredential(clientId, userId));
return result.AccessToken;
}
2.Init the graphclient.
var graphResourceId = "https://graph.windows.net";
var tenantId = "tenantId";
var clientId = "client Id";
var secretKey = "secret key";
var servicePointUri = new Uri(graphResourceId);
var serviceRoot = new Uri(servicePointUri, tenantId);
var activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await GetAppTokenAsync(graphResourceId, tenantId, clientId, secretKey));
3.create role
AppRole appRole = new AppRole
{
Id = Guid.NewGuid(),
IsEnabled = true,
Description = "Admins can manage roles and perform all actions.",
DisplayName = "Global Admin",
Value = "Admin"
};
4.add role assginments
User user = (User) activeDirectoryClient.Users.GetByObjectId("userobjectId").ExecuteAsync().Result;
AppRoleAssignment appRoleAssignment = new AppRoleAssignment
{
Id = appRole.Id,
ResourceId = Guid.Parse(newServicePrincpal.ObjectId),
PrincipalType = "User",
PrincipalId = Guid.Parse(user.ObjectId),
};
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.