Determine if a logged in user is a member of an AD group, in a web app deployed to Azure
Display list of users in an AD group in Azure web app
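I am new to Azure web apps, and my use case is to display all users belonging to a single AD group on a web page. I have tried running the PowerShell command "Get-azureaduser" in my webapp controller, but it throws an error stating "PowerShell workspace must be run in administrative mode". Any help is appreciated.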
You can use the Microsoft Graph SDK.
Try the following code snippet:
```csharp
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var groups = await graphClient.Groups
    .Request()
    .GetAsync();
```
Another approach you can try:
```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using Newtonsoft.Json;

string tokenUrl = $"https://login.microsoftonline.com/YourTenant.onmicrosoft.com/oauth2/token";
var tokenRequest = new HttpRequestMessage(HttpMethod.Post, tokenUrl);

// I am using client_credentials as it is mostly recommended
// The client_id and client_secret values below are placeholders; load real values from configuration, not source code
tokenRequest.Content = new FormUrlEncodedContent(new Dictionary<string, string>
{
    ["grant_type"] = "client_credentials",
    ["client_id"] = "b603c7be-a866_Your_Client_Id_6921e61f925",
    ["client_secret"] = "Vxf1SluKbgu_Client_Secret_SeZ8wL/Yp8ns4sc=",
    ["resource"] = "https://graph.microsoft.com/" // If you use auth/V2.0 then use ["scope"] = "https://graph.microsoft.com/.default"
});

dynamic json;
AccessTokenClass results = new AccessTokenClass();
HttpClient client = new HttpClient();

// Request the token and deserialize the JSON response
var tokenResponse = await client.SendAsync(tokenRequest);
json = await tokenResponse.Content.ReadAsStringAsync();
results = JsonConvert.DeserializeObject<AccessTokenClass>(json);

// New block for accessing group data from the Microsoft Graph REST API
HttpClient _client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, string.Format("https://graph.microsoft.com/v1.0/groups"));

// Passing the token for this request
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", results.access_token);
HttpResponseMessage response = await _client.SendAsync(request);
dynamic objAdGroupList = JsonConvert.DeserializeObject<dynamic>(await response.Content.ReadAsStringAsync());
```
The class I used:
```csharp
public class AccessTokenClass
{
    public string token_type { get; set; }
    public string expires_in { get; set; }
    public string resource { get; set; }
    public string access_token { get; set; }
}
```
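Permissions required in the Azure portal:
You should have the following Application permissions on the Azure portal:
Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All
Please see the screenshot below:
If you still have any questions, please refer to the official documentation and feel free to share.
Hope it helps.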
You can use the Graph API list groups method:
GET https://graph.microsoft.com/v1.0/groups
https://docs.microsoft.com/en-us/graph/api/group-list?view=graph-rest-1.0&tabs=http
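For the use case in the question (the users of one group), here is an added example that is not part of either answer and is not Microsoft sample code: it calls the Graph `GET /groups/{id}/members` endpoint, follows `@odata.nextLink` paging, and keeps only user objects. The names `GroupMemberLister`, `ListUsersAsync` and `GraphFetcher`, the group id and the two sample pages are assumptions constructed for illustration; the access token is assumed to come from a client-credentials request like the one in the first answer.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class GroupMemberLister   // hypothetical name, not a Graph SDK type
{
    // fetchJson returns the JSON body for a URL; it is injected so paging can be exercised offline.
    public static async Task<List<string>> ListUsersAsync(string groupId, Func<string, Task<string>> fetchJson)
    {
        var users = new List<string>();
        string url = "https://graph.microsoft.com/v1.0/groups/" + Uri.EscapeDataString(groupId) + "/members?$select=id,userPrincipalName";
        while (url != null)
        {
            using var doc = JsonDocument.Parse(await fetchJson(url));
            foreach (var m in doc.RootElement.GetProperty("value").EnumerateArray())
            {
                // Members may also be groups, devices or service principals: keep users only.
                if (!m.TryGetProperty("@odata.type", out var t) || t.GetString() != "#microsoft.graph.user")
                    continue;
                // If the app cannot read user objects, Graph returns only the id; fall back to it.
                users.Add(m.TryGetProperty("userPrincipalName", out var upn) && upn.ValueKind == JsonValueKind.String
                    ? upn.GetString() : m.GetProperty("id").GetString());
            }
            // Results are paged: follow @odata.nextLink until it is absent.
            url = doc.RootElement.TryGetProperty("@odata.nextLink", out var next) ? next.GetString() : null;
        }
        return users;
    }
    // Real fetcher: sends the bearer token and throws on 401/403 instead of parsing an error body.
    public static Func<string, Task<string>> GraphFetcher(HttpClient http, string accessToken) => async url =>
    {
        using var req = new HttpRequestMessage(HttpMethod.Get, url);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        using var resp = await http.SendAsync(req);
        resp.EnsureSuccessStatusCode();
        return await resp.Content.ReadAsStringAsync();
    };
    public static async Task Main()
    {
        // Constructed two-page sample response (single quotes are swapped for double quotes below).
        string p1 = "{'value':[{'@odata.type':'#microsoft.graph.user','id':'1','userPrincipalName':'alice@contoso.example'},{'@odata.type':'#microsoft.graph.group','id':'2'}],'@odata.nextLink':'https://graph.microsoft.com/v1.0/groups/g/members?$skiptoken=x'}";
        string p2 = "{'value':[{'@odata.type':'#microsoft.graph.user','id':'3'}]}";
        var users = await ListUsersAsync("00000000-0000-0000-0000-000000000000", url => Task.FromResult((url.Contains("$skiptoken") ? p2 : p1).Replace('\'', '"')));
        Console.WriteLine(string.Join(", ", users));
    }
}
```

Against a real tenant, pass `GraphFetcher(httpClient, accessToken)` as the second argument instead of the constructed fetcher used in `Main`.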