rga*_*han 6 azure-ad-b2c microsoft-graph-api
我正在尝试...@gmail.com通过 Graph API (C#)将带有电子邮件的用户添加到我的 B2C 目录。我得到这个作为回应:
userPrincipalName 属性的域部分无效。您必须在您的组织中使用经过验证的域名之一。
该系统需要允许任何电子邮件域的用户登录。用户需要登录网站,不能访问 Azure 门户。
有没有办法在不手动添加每个域的情况下完成此操作?
通过Graph API添加用户的代码:
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantId)
.WithClientSecret(clientSecret)
.Build();
var authProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authProvider);
var user = new User
{
AccountEnabled = true,
DisplayName = emailAddress,
MailNickname = emailAddress.Split('@').FirstOrDefault(),
UserPrincipalName = emailAddress,
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = tempPassword
}
};
我必须添加以下软件包:
<PackageReference Include="Microsoft.Graph" Version="4.0.0-preview.7" />
<PackageReference Include="Microsoft.Graph.Auth" Version="1.0.0-preview.7" />
然后:
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(Settings.ClientId)
.WithTenantId(Settings.Tenant)
.WithClientSecret(Settings.ClientSecret)
.Build();
var authProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authProvider);
var user = new User
{
AccountEnabled = true,
GivenName = "Name",
Surname = "Surname",
DisplayName = "Name Surname",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = false,
Password = "pass.123",
},
PasswordPolicies = "DisablePasswordExpiration",
Identities = new List<ObjectIdentity>
{
new ObjectIdentity()
{
SignInType = "emailAddress",
Issuer = Settings.Tenant,
IssuerAssignedId = "sample@sample.com"
}
}
};
await graphClient.Users.Request().AddAsync(user);
确保添加在 Azure 门户中创建用户的权限。
如果您尝试创建本地 B2C(而非 AAD)帐户,请尝试在您的请求中设置identities属性,而不是 upn。这最后应该是自动生成的。此外,必须禁用密码过期,并且还必须禁用下次登录时强制更改密码。
| 归档时间: |
|
| 查看次数: |
949 次 |
| 最近记录: |