How to get the security group names of a user in Azure Active Directory

I have referred to other links in the forum and have the code below, which works fine and gives me the security groups for a specific UPN.

using System;
using System.Collections.Generic;
using System.Security.Principal;

private List<string> GetGroups(string userName)
{
    List<string> result = new List<string>();
    // Expects a UPN (user@domain); resolves the user's token groups through the local domain
    WindowsIdentity wi = new WindowsIdentity(userName);

    foreach (IdentityReference group in wi.Groups)
    {
        try
        {
            // Translate the group SID into DOMAIN\GroupName
            result.Add(group.Translate(typeof(NTAccount)).ToString());
        }
        catch (Exception)
        {
            // SIDs that cannot be mapped to a name (deleted or foreign-domain groups) are skipped
        }
    }
    result.Sort();
    return result;
}

But the same code does not work for Azure. So I tried the following code, which works, but I have not found a way to read the names of the security groups the current user belongs to:

using System.Security.Claims;

// Claims issued for the signed-in user; FindFirst returns null when the claim is absent
var displayName = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name)?.Value;
var upn = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn)?.Value;

The code in your question refers to a user authenticated with Windows Integrated Authentication (WIA). With Azure AD you typically authenticate over the public Internet using a higher-level authentication protocol such as OpenID Connect. This results in a different representation of the caller's identity. See http://blogs.technet.com/b/ad/archive/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles.aspx for guidance and useful links on using groups in Azure AD.
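To illustrate the point above that the caller's identity arrives as a set of claims rather than a Windows token, here is an added example (not code from the original answer or from Microsoft) that reads the group object IDs Azure AD places in the "groups" claim and detects the case where the token carries no group list at all. It assumes the OWIN/JWT middleware surfaces the token's `_claim_names` object as a claim with that literal type, and the UPN and GUIDs in `Main` are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added example: reading Azure AD group claims from the signed-in ClaimsPrincipal.
public static class GroupClaims
{
    // Claim types as emitted in Azure AD tokens. The "groups" claim carries group
    // object IDs, not display names; names still have to be resolved via the Graph API.
    private const string GroupsClaim = "groups";
    private const string ClaimNamesClaim = "_claim_names";   // assumed to be mapped 1:1 by the middleware

    // Returns the group object IDs from the token. Sets overage = true (and returns null)
    // when Azure AD omitted the "groups" claim because the user is in more groups than
    // the token can carry; in that case memberOf must be queried instead of assuming
    // "no groups", which would silently drop authorization data.
    public static IReadOnlyList<string> GetGroupObjectIds(ClaimsPrincipal principal, out bool overage)
    {
        overage = principal.HasClaim(c => c.Type == ClaimNamesClaim && c.Value.Contains(GroupsClaim));
        if (overage)
        {
            return null;
        }
        return principal.FindAll(GroupsClaim).Select(c => c.Value).ToList();
    }

    // Authorization check against a known group object ID; throws on overage so the
    // caller cannot mistake "unknown" for "not a member".
    public static bool IsMemberOf(ClaimsPrincipal principal, string groupObjectId)
    {
        IReadOnlyList<string> groups = GetGroupObjectIds(principal, out bool overage);
        if (overage)
        {
            throw new InvalidOperationException("Group overage: resolve membership via the Graph API (memberOf).");
        }
        return groups.Contains(groupObjectId, StringComparer.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample: a principal with two group claims (placeholder GUIDs).
        var normal = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Upn, "alice@contoso.example"),
            new Claim(GroupsClaim, "00000000-0000-0000-0000-000000000001"),
            new Claim(GroupsClaim, "00000000-0000-0000-0000-000000000002"),
        }, "AzureAD"));

        // Constructed sample: the overage shape, where "groups" is replaced by _claim_names.
        var overagePrincipal = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Upn, "bob@contoso.example"),
            new Claim(ClaimNamesClaim, "{\"groups\":\"src1\"}"),
        }, "AzureAD"));

        var ids = GetGroupObjectIds(normal, out bool ov1);
        Console.WriteLine("alice overage={0} groups={1}", ov1, string.Join(",", ids));
        Console.WriteLine("alice in group 1: {0}",
            IsMemberOf(normal, "00000000-0000-0000-0000-000000000001"));

        GetGroupObjectIds(overagePrincipal, out bool ov2);
        Console.WriteLine("bob overage={0}", ov2);   // true: fall back to a memberOf query
    }
}
```

The takeaway for the question is that the claim gives you object IDs only, so a display-name lookup still requires the Graph API, and an application that authorizes on group membership must treat the overage case as "unknown" rather than as "no groups".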

Just looking at your question, it needs the memberOf property to be solved; here is an example to help you find the security group names.

using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// activeDirectoryClient is an authenticated ActiveDirectoryClient from the Azure AD Graph client library
private static void PrintSecurityGroups(ActiveDirectoryClient activeDirectoryClient)
{
    var searchString = "upnname";
    try
    {
        // Users whose UPN starts with the search string
        List<IUser> users = activeDirectoryClient.Users
            .Where(u => u.UserPrincipalName.StartsWith(searchString))
            .ExecuteAsync().Result.CurrentPage.ToList();

        foreach (IUser user in users)
        {
            IUserFetcher userFetch = (IUserFetcher)user;
            IList<Group> groupMembership = new List<Group>();

            // memberOf returns directory objects of several kinds (groups, directory roles, ...)
            IPagedCollection<IDirectoryObject> pagedCollection = userFetch.MemberOf.ExecuteAsync().Result;
            // Only the first page is read here; use MorePagesAvailable/GetNextPageAsync for users with many groups
            List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();

            foreach (IDirectoryObject directoryObject in directoryObjects)
            {
                Group group = directoryObject as Group;
                // Keep only security-enabled groups; distribution lists have SecurityEnabled == false
                if (group != null && group.SecurityEnabled == true)
                {
                    groupMembership.Add(group);
                    Console.WriteLine("UserPrincipalName:{0} Group DisplayName:{1}", user.UserPrincipalName, group.DisplayName);
                }
            }
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("\nError getting Group {0} {1}",
            e.Message, e.InnerException != null ? e.InnerException.Message : "");
    }
}

There are some differences with B2C. Please keep in touch if you have any questions.

using System;
using System.Configuration;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// ADALTokenCache is the application's own EF-backed token cache class
public static string LookupDisplayNameOfAADObject(string objectId)
{
    string objectDisplayName = null;
    string tenantId = ClaimsPrincipal.Current
                      .FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    string signedInUserID = ClaimsPrincipal.Current
                            .FindFirst(ClaimTypes.NameIdentifier).Value;
    string userObjectID = ClaimsPrincipal.Current
                          .FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
    ClientCredential credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientId"],
                                                       ConfigurationManager.AppSettings["ida:ClientSecret"]);

    // initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's EF DB
    AuthenticationContext authContext = new AuthenticationContext(
        string.Format(ConfigurationManager.AppSettings["ida:Authority"], tenantId),
        new ADALTokenCache(signedInUserID));

    // Silently acquire a Graph API token for the signed-in user; throws if no cached token/refresh token exists
    AuthenticationResult result = authContext.AcquireTokenSilent(
        ConfigurationManager.AppSettings["ida:GraphAPIIdentifier"],
        credential,
        new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

    HttpClient client = new HttpClient();

    string doQueryUrl = string.Format("{0}/{1}/directoryObjects/{2}?api-version={3}",
                                      ConfigurationManager.AppSettings["ida:GraphAPIIdentifier"], tenantId,
                                      objectId,
                                      ConfigurationManager.AppSettings["ida:GraphAPIVersion"]);

    HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, doQueryUrl);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    HttpResponseMessage response = client.SendAsync(request).Result;

    if (response.IsSuccessStatusCode)
    {
        var responseContent = response.Content;
        string responseString = responseContent.ReadAsStringAsync().Result;
        var directoryObject = System.Web.Helpers.Json.Decode(responseString);

        if (directoryObject != null)
        {
            objectDisplayName = string.Format("{0} ({1})", directoryObject.displayName, directoryObject.objectType);
        }
    }

    // null when the request failed or the object was not found
    return objectDisplayName;
}
