2015-04-05 68 views
1

I'm trying to figure out how to remove an AppRoleAssignment from a group or user using the Azure Active Directory Graph API. I'm using the .NET SDK (Microsoft.Azure.ActiveDirectory.GraphClient). How do I delete an AppRoleAssignment using the Azure Active Directory .NET SDK?

I've tried using the standard DeleteAsync method on IEntityBase, but it fails with an error. It issues an HTTP request that looks like this:

DELETE /{tenantId}/directoryObjects/{appRoleAssignment ObjectID}/Microsoft.DirectoryServices.AppRoleAssignment?api-version=1.5

It fails with a 400 Bad Request error: "Direct queries for this resource type are not supported."

According to this Microsoft blog post, that isn't the correct way to delete AppRoleAssignments through the Graph API; it says you need to make an HTTP request that looks like:

DELETE /{tenantId}/users/{user object ID}/appRoleAssignments/{appRoleAs}?api-version=1.5

If I make a manual HTTP request with HttpClient using that URL format, it works, but I'd like to know how to do this within the .NET library rather than issuing the HTTP request myself.

How do I delete AppRoleAssignments through the .NET library?

Answers

0
ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient();
User user = (User) await client.Users.GetByObjectId(objectId).ExecuteAsync();

var roleId = ""; // objectId of the AppRoleAssignment to remove
await user.AppRoleAssignments.Where(t => t.ObjectId == roleId).FirstOrDefault().DeleteAsync();

The following sites may be helpful:
https://github.com/AzureADSamples/WebApp-RoleClaims-DotNet
https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet

+2

Thanks, but your example doesn't work. Where isn't an extension method off user.AppRoleAssignments, because it's an IPagedCollection, and even if you iterate over it, the assignments don't get loaded. Trying to load them via .Expand from the IUserFetcher (from Users.GetByObjectId) results in an exception. I've also tried DeleteAsync on an AppRoleAssignment instance (it implements IEntityBase), and it throws an exception too because it issues an incorrect request (see the question). – 2015-04-21 13:02:29

+1

Sorry for the delayed response here Daniel. We have an issue in the client library that we're tracking: as you've found, this isn't currently possible through the DeleteAsync() method. We hope to be able to fix this soon so that app role assignments can be deleted. – 2015-04-22 17:41:51

+0

@Dan Kershaw could you let us know whether it has been resolved or not? I tried deleting through the library, but it still doesn't work. – 2016-08-15 13:00:09

1

While it isn't fixed, you can make the HTTP request manually but still use the Azure AD SDK to acquire the token. Like this:

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL
using Newtonsoft.Json;

public class AppRoleAssignmentRemover
{
    // Tenant, app registration and credential (placeholders; supply your own values,
    // and keep the key out of source control).
    private readonly string tenantId = "<guid> tenant id";
    private readonly string appId = "<guid> your Azure app id";
    private readonly string appKey = "your app key";
    private readonly string authority = "https://login.windows.net/mycompany.onmicrosoft.com"; // i.e. your tenant's authority
    private readonly string graphUrl = "https://graph.windows.net/";

    public async Task RemoveRoleFromUser(Guid userId, string roleObjectId)
    {
        // The URL form from the blog post: the assignment is addressed through its owning user,
        // not as a top-level directoryObject (which is what DeleteAsync() in the SDK issues).
        var uri = string.Format("{0}/users/{1}/appRoleAssignments/{2}?api-version=1.5", tenantId, userId, roleObjectId);
        await ExecuteRequest<object>(uri, HttpMethod.Delete);
    }

    private async Task<T> ExecuteRequest<T>(string uri, HttpMethod method = null, object body = null) where T : class
    {
        if (method == null) method = HttpMethod.Get;
        var token = await AcquireTokenAsyncForApplication();
        using (var httpClient = new HttpClient { BaseAddress = getServicePointUri() })
        {
            var request = new HttpRequestMessage(method, uri);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            if (body != null)
            {
                request.Content = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json");
            }
            var responseMessage = await httpClient.SendAsync(request).ConfigureAwait(false);
            responseMessage.EnsureSuccessStatusCode();
            // A successful DELETE returns 204 No Content, so don't try to deserialize an empty body.
            var json = await responseMessage.Content.ReadAsStringAsync().ConfigureAwait(false);
            return string.IsNullOrEmpty(json) ? null : JsonConvert.DeserializeObject<T>(json);
        }
    }

    private async Task<string> AcquireTokenAsyncForApplication()
    {
        // Client-credentials flow: the application authenticates as itself with its key.
        // ADAL 3.x; on ADAL 2.x use the synchronous AcquireToken(graphUrl, clientCred) instead.
        var clientCred = new ClientCredential(appId, appKey);
        var authenticationContext = new AuthenticationContext(authority, false);
        AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(graphUrl, clientCred);
        return authenticationResult.AccessToken;
    }

    private Uri getServicePointUri()
    {
        // The Graph root is the base address; the tenant is the first segment of the relative request path.
        return new Uri(graphUrl);
    }
}
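The answer above assumes you already know the objectId of the AppRoleAssignment, which in practice you usually have to look up first. The following is an added example, not code from the question or either answer, that does the whole round trip with the same manual-HTTP approach: acquire an app token, list the user's assignments (following paging), delete every assignment for one application, and treat a 404 on DELETE as "already removed". Assumptions: ADAL 3.x (Microsoft.IdentityModel.Clients.ActiveDirectory) and Newtonsoft.Json from NuGet, C# 7.1 or later for the async Main, Azure AD Graph api-version=1.6 (the URL form is the same as in the question), the documented appRoleAssignment property names (objectId, id, principalId, resourceId), the Graph convention that odata.nextLink is relative to the tenant root and needs api-version re-attached, and an app registration granted a directory write permission such as Directory.ReadWrite.All (without it the DELETE returns 403). The class and method names are my own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL 3.x (NuGet)
using Newtonsoft.Json;                                  // Newtonsoft.Json (NuGet)

// One entry of GET /{tenant}/users/{id}/appRoleAssignments in the Azure AD Graph (api-version=1.6).
public class AppRoleAssignmentDto
{
    [JsonProperty("objectId")] public string ObjectId { get; set; }      // id of the assignment itself; this is what DELETE addresses
    [JsonProperty("id")] public Guid AppRoleId { get; set; }             // the app role; the all-zero Guid is the default role
    [JsonProperty("principalId")] public Guid PrincipalId { get; set; }  // user or group holding the role
    [JsonProperty("resourceId")] public Guid ResourceId { get; set; }    // service principal of the app that defines the role
    [JsonProperty("resourceDisplayName")] public string ResourceDisplayName { get; set; }
}

// Collection envelope; odata.nextLink is present only when another page exists.
public class AssignmentPage
{
    [JsonProperty("value")] public List<AppRoleAssignmentDto> Value { get; set; }
    [JsonProperty("odata.nextLink")] public string NextLink { get; set; }
}

public class AppRoleAssignmentCleaner
{
    private const string GraphUrl = "https://graph.windows.net/";
    private const string ApiVersion = "api-version=1.6";
    private readonly string tenantId, appId, appKey; // supplied by the caller; never hard-code the key

    public AppRoleAssignmentCleaner(string tenantId, string appId, string appKey)
    {
        this.tenantId = tenantId; this.appId = appId; this.appKey = appKey;
    }

    // Client-credentials token for the Graph, attached once as a default header.
    public async Task<HttpClient> CreateClientAsync()
    {
        var ctx = new AuthenticationContext("https://login.windows.net/" + tenantId, false);
        var result = await ctx.AcquireTokenAsync(GraphUrl, new ClientCredential(appId, appKey)).ConfigureAwait(false);
        var http = new HttpClient { BaseAddress = new Uri(GraphUrl) };
        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        return http;
    }

    // Lists all of a user's assignments. odata.nextLink (assumed to be relative to the tenant root
    // and without api-version, per the AAD Graph convention) is followed until the last page.
    public async Task<List<AppRoleAssignmentDto>> ListAssignmentsAsync(HttpClient http, Guid userId)
    {
        var all = new List<AppRoleAssignmentDto>();
        string url = string.Format("{0}/users/{1}/appRoleAssignments?{2}", tenantId, userId, ApiVersion);
        while (url != null)
        {
            var json = await http.GetStringAsync(url).ConfigureAwait(false);
            var page = JsonConvert.DeserializeObject<AssignmentPage>(json);
            all.AddRange(page.Value);
            url = page.NextLink == null ? null : string.Format("{0}/{1}&{2}", tenantId, page.NextLink, ApiVersion);
        }
        return all;
    }

    // Removes every assignment the user holds for one application (identified by its service principal
    // objectId) and returns the assignment objectIds that were deleted. A 404 means the assignment is
    // already gone (e.g. concurrent cleanup), which is the desired end state, so it is not an error.
    public async Task<List<string>> RemoveAssignmentsForAppAsync(HttpClient http, Guid userId, Guid resourceServicePrincipalId)
    {
        var deleted = new List<string>();
        var assignments = await ListAssignmentsAsync(http, userId).ConfigureAwait(false);
        foreach (var a in assignments.Where(x => x.ResourceId == resourceServicePrincipalId))
        {
            // Same URL form that worked in the question: the assignment is addressed via its owning user.
            var url = string.Format("{0}/users/{1}/appRoleAssignments/{2}?{3}", tenantId, userId, a.ObjectId, ApiVersion);
            var resp = await http.DeleteAsync(url).ConfigureAwait(false);
            if (resp.StatusCode == HttpStatusCode.NotFound) continue;
            resp.EnsureSuccessStatusCode(); // 204 No Content on success; 403 means the app lacks directory write permission
            deleted.Add(a.ObjectId);
        }
        return deleted;
    }

    // Usage: AppRoleAssignmentCleaner.exe <tenantId> <appId> <appKey> <userObjectId> <servicePrincipalObjectId>
    public static async Task Main(string[] args)
    {
        var cleaner = new AppRoleAssignmentCleaner(args[0], args[1], args[2]);
        using (var http = await cleaner.CreateClientAsync())
        {
            var removed = await cleaner.RemoveAssignmentsForAppAsync(http, Guid.Parse(args[3]), Guid.Parse(args[4]));
            Console.WriteLine("Removed {0} assignment(s): {1}", removed.Count, string.Join(", ", removed));
        }
    }
}
```

Two practical notes: the filter is on resourceId (the service principal), so a user holding several roles in the same app loses all of them in one pass; filter on AppRoleId as well if you only want one role removed. And because the token is obtained with the client-credentials flow, the operation runs with the application's own directory permissions, not a signed-in user's, so scope that app registration to the minimum the job needs.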