如何检查 azure active directory 用户是否已经在 approle 中
How to check if an azure active directory user is already in an approle
我已经创建了一个 Azure 活动目录用户并将该用户添加到应用程序角色。
现在我正在检索此用户并尝试将其添加到更多应用角色。
var activeDirectoryUser = client.Users.Where(u => u.UserPrincipalName == user.UserName).ExecuteSingleAsync().Result as User;
作为预防措施,我想在添加之前先检查用户是否已经处于应用程序角色中,但问题是 User 对象上的 ApproleAssignments 字段始终为空。即使用户有应用程序角色分配,如果我尝试将用户添加到相同的应用程序角色,我也会收到错误消息。
正在创建新的应用角色分配。
var appRoleAssignment = new AppRoleAssignment
{
Id = appRole.Id,
ResourceId = Guid.Parse(servicePrincpal.ObjectId),
PrincipalType = "User",
PrincipalId = Guid.Parse(user.ObjectId)
};
if(IsUserInAppRole(user,appRoleAssignment))return;
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
正在检查用户是否处于应用角色。
private bool IsUserInAppRole(User user, AppRoleAssignment appRoleAssignment)
{
var userInApprole = user.AppRoleAssignments.Where(ara => ara.ObjectId == appRoleAssignment.Id.ToString());
return userInApprole.Any();
}
我正在使用最新版本的 Microsoft.Azure.ActiveDirectory.GraphClient 库
抱歉回复晚了。以下代码对我有用。不确定您是否需要使用 IUserFetcher 接口,但您的 LINQ 查询失败,因为您正在比较分配的 objectID 和 appRole Id。你需要比较的是作业的ID。
var userFetcher = user as IUserFetcher;
IPagedCollection<IAppRoleAssignment> rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();
IAppRoleAssignment a = null;
a = assignments.Where(ara => ara.Id.Equals(appRole.Id)).First();
if (a != null) {
Console.WriteLine("Found assignment {0} for user {1}", appRole.Id, user.DisplayName);
}
希望这对您有所帮助...
var userFetcher = user as IUserFetcher;
IPagedCollection rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();
以上代码行由于转换未完成而导致异常,如果将其转换为:
IPagedCollection rawObjects =
(IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments =
(IList<IAppRoleAssignment>)rawObjects.CurrentPage.ToList();
代码编译成功但出现运行时异常:
Cannot implicitly convert type 'System.Collections.Generic.List' to 'System.Collections.Generic.IList'. An explicit conversion exists (are you missing a cast?)
能否请您指导如何使用这两个语句?
更新:
private static bool IsUserInRole(User user, AppRole appRole, bool roleAlreadyAssigned = false)
{
var userFetcher = user as IUserFetcher;
IPagedCollection rawObjects = (IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;
foreach (IAppRoleAssignment item in rawObjects.CurrentPage)
{
if (item.Id == appRole.Id)
{
roleAlreadyAssigned = true; break;
}
}
return roleAlreadyAssigned;
}
以上代码对我有用。试试这个,希望这会有所帮助:)
我已经创建了一个 Azure 活动目录用户并将该用户添加到应用程序角色。 现在我正在检索此用户并尝试将其添加到更多应用角色。
var activeDirectoryUser = client.Users.Where(u => u.UserPrincipalName == user.UserName).ExecuteSingleAsync().Result as User;
作为预防措施,我想在添加之前先检查用户是否已经处于应用程序角色中,但问题是 User 对象上的 ApproleAssignments 字段始终为空。即使用户有应用程序角色分配,如果我尝试将用户添加到相同的应用程序角色,我也会收到错误消息。
正在创建新的应用角色分配。
var appRoleAssignment = new AppRoleAssignment
{
Id = appRole.Id,
ResourceId = Guid.Parse(servicePrincpal.ObjectId),
PrincipalType = "User",
PrincipalId = Guid.Parse(user.ObjectId)
};
if(IsUserInAppRole(user,appRoleAssignment))return;
user.AppRoleAssignments.Add(appRoleAssignment);
user.UpdateAsync().Wait();
正在检查用户是否处于应用角色。
private bool IsUserInAppRole(User user, AppRoleAssignment appRoleAssignment)
{
var userInApprole = user.AppRoleAssignments.Where(ara => ara.ObjectId == appRoleAssignment.Id.ToString());
return userInApprole.Any();
}
我正在使用最新版本的 Microsoft.Azure.ActiveDirectory.GraphClient 库
抱歉回复晚了。以下代码对我有用。不确定您是否需要使用 IUserFetcher 接口,但您的 LINQ 查询失败,因为您正在比较分配的 objectID 和 appRole Id。你需要比较的是作业的ID。
var userFetcher = user as IUserFetcher;
IPagedCollection<IAppRoleAssignment> rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();
IAppRoleAssignment a = null;
a = assignments.Where(ara => ara.Id.Equals(appRole.Id)).First();
if (a != null) {
Console.WriteLine("Found assignment {0} for user {1}", appRole.Id, user.DisplayName);
}
希望这对您有所帮助...
var userFetcher = user as IUserFetcher;
IPagedCollection rawObjects = userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments = rawObjects.CurrentPage.ToList();
以上代码行由于转换未完成而导致异常,如果将其转换为:
IPagedCollection rawObjects =
(IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;
IList<IAppRoleAssignment> assignments =
(IList<IAppRoleAssignment>)rawObjects.CurrentPage.ToList();
代码编译成功但出现运行时异常:
Cannot implicitly convert type 'System.Collections.Generic.List' to 'System.Collections.Generic.IList'. An explicit conversion exists (are you missing a cast?)
能否请您指导如何使用这两个语句?
更新:
private static bool IsUserInRole(User user, AppRole appRole, bool roleAlreadyAssigned = false)
{
var userFetcher = user as IUserFetcher;
IPagedCollection rawObjects = (IPagedCollection)userFetcher.AppRoleAssignments.ExecuteAsync().Result;
foreach (IAppRoleAssignment item in rawObjects.CurrentPage)
{
if (item.Id == appRole.Id)
{
roleAlreadyAssigned = true; break;
}
}
return roleAlreadyAssigned;
}
以上代码对我有用。试试这个,希望这会有所帮助:)