Der*_*ang 5 azure-active-directory .net-core
我正在尝试使用“隐式流”中生成的令牌获取 .Net Core 中 Azure AD 用户所属的组列表。没有组信息。
我正在使用以下链接中提到的“隐式流”: .NET Core 和 Azure Active Directory 集成
下面显示了如何在 .NET Framework 中执行此操作,但 .NET Core 没有“ActiveDirectoryClient”类。
任何帮助深表感谢!
德里克
您可以先在manifest中设置该groupMembershipClaims属性SecurityGroup,然后登录后在asp.net core中获取组列表:
var groups = User.Claims.Where(c => c.Type == "groups").ToList();
更新 :
然后您可以调用Azure AD Graph api来获取组信息。首先参考代码示例:https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore
在.net core app中,你可以获取组对象id并调用graph api:
https://graph.windows.net/myorganization/groups/<objectid>?api-version=1.6
您可以在应用程序的刀片中设置Read all groups委派权限。然后尝试下面的代码来获取组名称:Windows Azure Active DirectoryRequired permissions
try
{
var groups = User.Claims.Where(c => c.Type == "groups").ToList();
string userObjectID = (User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value;
AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID, HttpContext.Session));
ClientCredential credential = new ClientCredential(Startup.ClientId, Startup.ClientSecret);
result = await authContext.AcquireTokenSilentAsync(Startup.GraphResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
//
// Retrieve the group information.
//
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "https://graph.windows.net/myorganization/groups/"+ groups[1].Value + "?api-version=1.6" );
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = await client.SendAsync(request);
if (response.IsSuccessStatusCode)
{
List<Dictionary<String, String>> responseElements = new List<Dictionary<String, String>>();
JsonSerializerSettings settings = new JsonSerializerSettings();
String responseString = await response.Content.ReadAsStringAsync();
var model = JsonConvert.DeserializeObject<RootObject>(responseString);
var groupName = model.displayName;
}
else
{
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
}
}
}
catch (Exception ee)
{
}
以下集团实体供您参考:
public class RootObject
{
public string objectType { get; set; }
public string objectId { get; set; }
public object deletionTimestamp { get; set; }
public string description { get; set; }
public object dirSyncEnabled { get; set; }
public string displayName { get; set; }
public object mail { get; set; }
public string mailNickname { get; set; }
public bool mailEnabled { get; set; }
public bool securityEnabled { get; set; }
}
| 归档时间: |
|
| 查看次数: |
4986 次 |
| 最近记录: |