2015-04-05 48 views
1

I'm trying to figure out how to delete an AppRoleAssignment from a group or a user using the Azure Active Directory Graph API. I'm using the .NET SDK (Microsoft.Azure.ActiveDirectory.GraphClient). How do I delete an AppRoleAssignment with the Azure Active Directory .NET SDK?

I've tried the standard DeleteAsync method that every IEntityBase has, but it fails with an error. It issues an HTTP request that looks like this:

DELETE /{tenantId}/directoryObjects/{appRoleAssignment ObjectID}/Microsoft.DirectoryServices.AppRoleAssignment?api-version=1.5

which fails with error 400 Bad Request: "Direct queries for this resource type are not supported."

This isn't the correct way to delete AppRoleAssignments via the Graph API according to this Microsoft blog post; it says you need to make an HTTP request that looks like:

DELETE /{tenantId}/users/{user object ID}/appRoleAssignments/{appRoleAs}?api-version=1.5

If I make a manual HTTP request with HttpClient using that URL format, it works, but I'd like to know how to do this within the .NET library instead of issuing the HTTP request by hand myself.

How do I delete AppRoleAssignments through the .NET library?

Answers

0
// Authenticated Graph client (AuthenticationHelper is the helper used in the linked samples)
ActiveDirectoryClient client = AuthenticationHelper.GetActiveDirectoryClient(); 
// Fetch the user whose app role assignment should be removed
var user = (User) await client.Users.GetByObjectId(objectId).ExecuteAsync(); 

// Object ID of the AppRoleAssignment to delete (placeholder, fill in the real value)
var roleId = "<app role assignment object id>"; 
await user.AppRoleAssignments.Where(t => t.ObjectId == roleId).FirstOrDefault().DeleteAsync(); 

The following sites may be helpful:
https://github.com/AzureADSamples/WebApp-RoleClaims-DotNet
https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet

+2

Thanks, but your example doesn't work. Where isn't an extension method off user.AppRoleAssignments because it's an IPagedCollection, and even if you execute that operation the assignments aren't loaded. Trying to load them with .Expand from the IUserFetcher (from Users.GetByObjectId) causes an exception. I've already tried DeleteAsync on an AppRoleAssignment instance (it implements IEntityBase) and that also causes an exception, because it issues an incorrect request (see the question). – 2015-04-21 13:02:29

+1

Sorry for the delayed response here, Daniel. We have an issue in the client library that we're tracking for this - as you found, it's currently not possible to do this through the DeleteAsync() method. We hope to fix this soon so that app role assignments can be deleted. – 2015-04-22 17:41:51

+0

@Dan Kershaw could you let us know whether this has been resolved or not? I'm trying to delete through the library but it still doesn't work. – 2016-08-15 13:00:09

1

While it isn't fixed, you can make the HTTP request manually but still use the Azure AD SDK to acquire the token. Like this:

using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL
using Newtonsoft.Json;

public class GraphAppRoleRemover {
    // Class-level settings (fields cannot be declared with 'var'; fill in your own values)
    private readonly string tenantId = "<guid> tenant id"; 
    private readonly string appId = "<guid> your Azure app id"; 
    private readonly string appKey = "your app key"; 
    private readonly string authority = "i.e. https://login.windows.net/mycompany.onmicrosoft.com"; 
    private readonly string graphUrl = "https://graph.windows.net/"; 

    // Issues DELETE /{tenantId}/users/{userId}/appRoleAssignments/{roleObjectId}, the
    // URL form the Graph API accepts for removing an app role assignment
    public async Task RemoveRoleFromUser(Guid userId, string roleObjectId) { 
        var uri = string.Format("{0}/users/{1}/appRoleAssignments/{2}?api-version=1.5", tenantId, userId, roleObjectId); 
        await ExecuteRequest<object>(uri, HttpMethod.Delete); 
    } 

    // Sends an authenticated request; returns null when the response carries no body (e.g. 204 on DELETE)
    private async Task<T> ExecuteRequest<T>(string uri, HttpMethod method = null, Object body = null) where T : class { 
        if (method == null) method = HttpMethod.Get; 
        var token = await AcquireTokenAsyncForApplication(); 
        using (var httpClient = new HttpClient { BaseAddress = getServicePointUri() }) { 
            var request = new HttpRequestMessage(method, uri); 
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); 
            if (body != null) { 
                request.Content = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json"); 
            } 
            var responseMessage = await httpClient.SendAsync(request).ConfigureAwait(false); 
            responseMessage.EnsureSuccessStatusCode(); 
            if (responseMessage.StatusCode == HttpStatusCode.NoContent || responseMessage.Content == null) { 
                return null; 
            } 
            // ReadAsAsync<T> comes from the Microsoft.AspNet.WebApi.Client package
            return await responseMessage.Content.ReadAsAsync<T>(); 
        } 
    } 

    // Client-credentials flow: the app authenticates as itself, no user sign-in involved.
    // ADAL 3.x exposes AcquireTokenAsync; on ADAL 2.x use the synchronous AcquireToken instead.
    private async Task<string> AcquireTokenAsyncForApplication() { 
        ClientCredential clientCred = new ClientCredential(appId, appKey); 
        var authenticationContext = new AuthenticationContext(authority, false); 
        AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(graphUrl, clientCred); 
        return authenticationResult.AccessToken; 
    } 

    // Base address: https://graph.windows.net/{tenantId}
    private Uri getServicePointUri() { 
        Uri servicePointUri = new Uri(graphUrl); 
        Uri serviceRoot = new Uri(servicePointUri, tenantId); 
        return serviceRoot; 
    } 
}
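Removing an app role assignment is a privilege revocation, so the step worth adding to the manual-request approach above is a read-back that confirms the assignment is really gone. The following is an added example, not code from the question or from either answer: it deletes the assignment over the same users/{id}/appRoleAssignments/{id} URL, treats 404 as "already revoked" so the call is safe to repeat, and then lists the user's remaining assignments (following odata.nextLink across pages) to verify the objectId no longer appears. It assumes ADAL 3.x (AcquireTokenAsync), Newtonsoft.Json, and that a successful DELETE returns 204; the class and method names are my own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL 3.x (assumption)
using Newtonsoft.Json.Linq;

// Added example, not from the page: revoke an app role assignment and verify it.
public class AppRoleAssignmentRevoker
{
    private const string GraphUrl = "https://graph.windows.net/";
    private const string ApiVersion = "api-version=1.5";

    private readonly string tenantId;        // tenant GUID or domain (caller-supplied)
    private readonly string authority;       // e.g. https://login.windows.net/<tenant>
    private readonly ClientCredential cred;  // application id + key (client-credentials flow)

    public AppRoleAssignmentRevoker(string tenantId, string authority, string appId, string appKey)
    {
        this.tenantId = tenantId;
        this.authority = authority;
        this.cred = new ClientCredential(appId, appKey);
    }

    // Builds an HttpClient rooted at https://graph.windows.net/{tenant}/ with a bearer token.
    private async Task<HttpClient> CreateClientAsync()
    {
        var ctx = new AuthenticationContext(authority, false);
        AuthenticationResult result = await ctx.AcquireTokenAsync(GraphUrl, cred);
        var client = new HttpClient { BaseAddress = new Uri(new Uri(GraphUrl), tenantId + "/") };
        client.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", result.AccessToken);
        return client;
    }

    // Returns the objectIds of all app role assignments on the user, walking odata.nextLink.
    // Assumption: nextLink is tenant-relative and needs api-version re-appended.
    public async Task<List<string>> ListAssignmentIdsAsync(Guid userId)
    {
        using (var client = await CreateClientAsync())
        {
            var ids = new List<string>();
            string next = string.Format("users/{0}/appRoleAssignments?{1}", userId, ApiVersion);
            while (next != null)
            {
                JObject page = JObject.Parse(await client.GetStringAsync(next));
                ids.AddRange(page["value"].Select(a => (string)a["objectId"]));
                string link = (string)page["odata.nextLink"];
                next = link == null ? null : link + "&" + ApiVersion;
            }
            return ids;
        }
    }

    // DELETE the assignment (404 counts as already revoked), then re-read the user's
    // assignments and return true only if the objectId is genuinely gone.
    public async Task<bool> RevokeAndVerifyAsync(Guid userId, string assignmentObjectId)
    {
        using (var client = await CreateClientAsync())
        {
            string uri = string.Format("users/{0}/appRoleAssignments/{1}?{2}",
                                       userId, assignmentObjectId, ApiVersion);
            HttpResponseMessage response = await client.DeleteAsync(uri);
            if (response.StatusCode != HttpStatusCode.NoContent &&
                response.StatusCode != HttpStatusCode.NotFound)
            {
                string body = await response.Content.ReadAsStringAsync();
                throw new HttpRequestException(string.Format(
                    "DELETE {0} failed: {1} {2}", uri, (int)response.StatusCode, body));
            }
        }

        List<string> remaining = await ListAssignmentIdsAsync(userId);
        return !remaining.Contains(assignmentObjectId, StringComparer.OrdinalIgnoreCase);
    }
}

// Usage (values are placeholders):
//   var revoker = new AppRoleAssignmentRevoker("<tenant id>", "https://login.windows.net/<tenant>",
//                                              "<app id>", "<app key>");
//   bool gone = await revoker.RevokeAndVerifyAsync(userObjectId, "<assignment object id>");
```

Returning a bool from the read-back rather than trusting the DELETE status lets the caller log a failed revocation as an incident rather than a silent no-op, which is the case that matters when this code runs as part of offboarding or a least-privilege cleanup.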