[英]Azure Active Directory - how to assign application role to group programmatically
我正在尋找使用Azure AD創建基於角色的授權mvc應用程序:
從Azure門戶,我可以:
我剛剛獲得了免費的Azure Active Directory版本,並且已經閱讀到我們可以使用Microsoft Azure Active Directory執行以下操作:
Microsoft提供了很好的示例來查詢AAD,但我已經開始使用它了,但是我不知道如何將應用程序分配給組。
這是我得到組的偽代碼:
ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
var app = (await client.Applications.GetByObjectId("applicationObjectId").ExecuteAsync());
var servicePrincipal = await client.ServicePrincipals.GetByObjectId("servicePrincipalObjectId").ExecuteAsync();
var appRole = app.AppRoles.First(r => r.DisplayName == "my role");
var mygroup = (await client.Groups.ExecuteAsync()).CurrentPage.FirstOrDefault();
我想做的是這樣的:
mygroup .AppRoleAssignments.Add(new AppRoleAssignment()
{
ResourceId = Guid.Parse(servicePrincipal.ObjectId),
Id = appRole.Id,
PrincipalType = "Group",
PrincipalId = Guid.Parse(mygroup .ObjectId),
});
await group.UpdateAsync();
但是AppRoleAssignments的類型為IPagedCollection<IAppRoleAssignment>
並且沒有Add方法。
有誰知道我需要在代碼中進行修改嗎?
實際上,這很簡單...我不得不將IGroup轉換為Group
:
ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
var app = (await client.Applications.GetByObjectId("applicationObjectId").ExecuteAsync());
var servicePrincipal = await client.ServicePrincipals.GetByObjectId("servicePrincipalObjectId").ExecuteAsync();
var appRole = app.AppRoles.First(r => r.DisplayName == "my role");
var mygroup = (Group)(await client.Groups.ExecuteAsync()).CurrentPage.FirstOrDefault();
它工作正常^^:
mygroup .AppRoleAssignments.Add(new AppRoleAssignment()
{
ResourceId = Guid.Parse(servicePrincipal.ObjectId),
Id = appRole.Id,
PrincipalType = "Group",
PrincipalId = Guid.Parse(mygroup .ObjectId),
});
await group.UpdateAsync();
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.