How to get the security group names of a user in Azure Active Directory

I have referred to other links on the forum and have the code below, which works fine and gives me the security groups for a specific UPN.
```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

private List<string> GetGroups(string userName)
{
    List<string> result = new List<string>();
    // Expects a UPN and resolves it against the on-premises Windows domain (Kerberos S4U logon).
    WindowsIdentity wi = new WindowsIdentity(userName);
    foreach (IdentityReference group in wi.Groups)
    {
        try
        {
            // Translate the group SID into DOMAIN\GroupName form.
            result.Add(group.Translate(typeof(NTAccount)).ToString());
        }
        catch (Exception)
        {
            // SIDs that cannot be mapped to an account name are skipped.
        }
    }
    result.Sort();
    return result;
}
```
But the same code does not work for Azure. So I tried the following code, which works, but I have not found a way to read the names of the security groups the current user belongs to:

```csharp
using System.Security.Claims;

var displayName = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Name).Value;
var upn = ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn).Value;
```
The code in your question refers to a user authenticated with Windows Integrated Authentication (WIA). With Azure AD you usually authenticate over the public Internet using a higher-level, web-oriented authentication protocol such as OpenID Connect. This results in a different representation of the caller's identity. See http://blogs.technet.com/b/ad/archive/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles.aspx for guidance and useful links about working with groups in Azure AD.
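As an added illustration of the group-claims approach this answer points to (example code, not part of the original answer): when group claims are enabled for the application, Azure AD emits the group object IDs, never the display names, in a "groups" claim, and when a user is in more groups than fit in the token it omits the claim and emits "_claim_names"/"_claim_sources" instead (the "overage" case). The sample identity below is constructed inline and the GUIDs are placeholders; the claim type names are the ones Azure AD uses, and the assumption that the JWT middleware surfaces "_claim_names" as a JSON-string claim value is mine.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class GroupClaims
{
    // Azure AD puts group *object IDs* in the "groups" claim; display names are not in the token.
    public const string GroupsClaimType = "groups";

    public static IReadOnlyList<string> GetGroupObjectIds(ClaimsPrincipal principal)
    {
        return principal.FindAll(GroupsClaimType).Select(c => c.Value).ToList();
    }

    // Overage: "groups" is missing and "_claim_names" names it as a claim to fetch from Graph.
    // Treat this as "membership unknown", not as "member of no groups".
    public static bool HasGroupOverage(ClaimsPrincipal principal)
    {
        return !principal.HasClaim(c => c.Type == GroupsClaimType)
            && principal.HasClaim(c => c.Type == "_claim_names" && c.Value.Contains("\"groups\""));
    }

    // Authorize on the immutable object ID; a display name can be renamed by any group owner.
    public static bool IsInGroup(ClaimsPrincipal principal, string groupObjectId)
    {
        return principal.HasClaim(c => c.Type == GroupsClaimType
            && string.Equals(c.Value, groupObjectId, StringComparison.OrdinalIgnoreCase));
    }

    public static void Main()
    {
        // Constructed sample principal with two group claims (placeholder GUIDs, not real tenant data).
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Upn, "alice@contoso.example"),
            new Claim(GroupsClaimType, "11111111-1111-1111-1111-111111111111"),
            new Claim(GroupsClaimType, "22222222-2222-2222-2222-222222222222"),
        }, "OpenIdConnect");
        var principal = new ClaimsPrincipal(identity);

        foreach (var id in GetGroupObjectIds(principal))
            Console.WriteLine("group objectId: " + id);
        Console.WriteLine("overage: " + HasGroupOverage(principal));
        Console.WriteLine("in admin group: " + IsInGroup(principal, "11111111-1111-1111-1111-111111111111"));

        // Constructed overage principal: no "groups" claim, only the pointer claims.
        var overage = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim("_claim_names", "{\"groups\":\"src1\"}"),
            new Claim("_claim_sources", "{\"src1\":{\"endpoint\":\"https://graph.windows.net/placeholder-tenant/users/placeholder-id/getMemberObjects\"}}"),
        }, "OpenIdConnect"));
        Console.WriteLine("overage: " + HasGroupOverage(overage));
    }
}
```

To turn the IDs into names you still need a directory query (memberOf or getMemberGroups, as the other answers show); the token alone never carries them.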
Looking at your question, it needs the memberOf property to be solved; here is an example to help you find the security group names.
```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// activeDirectoryClient is an initialised ActiveDirectoryClient for the tenant.
var searchString = "upnname";
try
{
    List<IUser> users = activeDirectoryClient.Users
        .Where(u => u.UserPrincipalName.StartsWith(searchString))
        .ExecuteAsync().Result.CurrentPage.ToList();
    foreach (IUser user in users)
    {
        IUserFetcher userfetch = user as IUserFetcher;
        IList<Group> groupMembership = new List<Group>();
        // memberOf returns direct memberships; only the first page is read here.
        IPagedCollection<IDirectoryObject> pagedCollection = userfetch.MemberOf.ExecuteAsync().Result;
        List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
        foreach (IDirectoryObject directoryObject in directoryObjects)
        {
            if (directoryObject is Group)
            {
                var group = directoryObject as Group;
                if (group.SecurityEnabled == true)
                {
                    groupMembership.Add(group);
                    Console.WriteLine("UserPrincipalName:{0} Group DisplayName:{1}", user.UserPrincipalName, group.DisplayName);
                }
            }
        }
    }
}
catch (Exception e)
{
    Console.WriteLine("\nError getting Group {0} {1}",
        e.Message, e.InnerException != null ? e.InnerException.Message : "");
}
```
There are some differences with B2C. If you have any questions, feel free to get in touch.
```csharp
using System.Configuration;
using System.Net.Http;
using System.Net.Http.Headers;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static string LookupDisplayNameOfAADObject(string objectId)
{
    string objectDisplayName = null;
    string tenantId = (System.Security.Claims.ClaimsPrincipal.Current).
        FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    string signedInUserID = (System.Security.Claims.ClaimsPrincipal.Current).
        FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value;
    string userObjectID = (System.Security.Claims.ClaimsPrincipal.Current).
        FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
    ClientCredential credential = new ClientCredential(ConfigurationManager.AppSettings["ida:ClientId"],
        ConfigurationManager.AppSettings["ida:ClientSecret"]);
    // initialize AuthenticationContext with the token cache of the currently signed in user, as kept in the app's EF DB
    // (ADALTokenCache is the app's own TokenCache subclass, not part of ADAL)
    AuthenticationContext authContext = new AuthenticationContext(
        string.Format(ConfigurationManager.AppSettings["ida:Authority"], tenantId),
        new ADALTokenCache(signedInUserID));
    AuthenticationResult result = authContext.AcquireTokenSilent(
        ConfigurationManager.AppSettings["ida:GraphAPIIdentifier"],
        credential,
        new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
    using (HttpClient client = new HttpClient())
    {
        string doQueryUrl = string.Format("{0}/{1}/directoryObjects/{2}?api-version={3}",
            ConfigurationManager.AppSettings["ida:GraphAPIIdentifier"], tenantId,
            objectId,
            ConfigurationManager.AppSettings["ida:GraphAPIVersion"]);
        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, doQueryUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        HttpResponseMessage response = client.SendAsync(request).Result;
        if (response.IsSuccessStatusCode)
        {
            var responseContent = response.Content;
            string responseString = responseContent.ReadAsStringAsync().Result;
            var directoryObject = System.Web.Helpers.Json.Decode(responseString);
            if (directoryObject != null)
            {
                objectDisplayName = string.Format("{0} ({1})", directoryObject.displayName, directoryObject.objectType);
            }
        }
    }
    // Returns null when the object was not found or the request failed.
    return objectDisplayName;
}
```