无法从 Active Directory 检索数据
Cannot retrieve data from Active Directory
我使用 Azure AD 身份验证创建了一个新的 Blazor 应用程序。登录功能按预期工作。现在我需要检索特定组的用户列表。在 Azure AD 上,我创建了一个客户端密码。此外,我添加了 Microsoft.Graph 权限 Directory.Read.All、Group.Read.All 和
GroupMember.Read.All,并授予管理员权限。
权限如下:
这是我用来检索群组用户的代码:
var scopes = new string[] { "https://graph.microsoft.com/.default" };
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(_adSettings.ClientId)
.WithAuthority($"{_adSettings.Instance}/{_adSettings.TenantId}/ v2.0")
.WithClientSecret(_adSettings.ClientSecret)
.Build();
GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient.AcquireTokenForClient(scopes).ExecuteAsync();
// Add the access token in the Authorization header of the API
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
}));
var members = await graphServiceClient.Groups["mygroup@mydomain.com"]
.Members
.Request()
.GetAsync();
最后一条语句抛出异常:
An error occurred sending the request. HttpStatusCode: 404: NotFound
我试着换成
var users = await graphServiceClient.Users.Request().GetAsync();
但结果是一样的
您应该指定群组对象 ID 而不是群组名称:
我的测试组:
测试代码及结果:
更新:
这是用于此测试的 C# 控制台应用程序代码,希望对您有所帮助:
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;
using System;
namespace graphsdktest
{
class Program
{
static void Main(string[] args)
{
var clientId = "<Azure AD App ID>";
var clientSecret = "<App secret>";
var tenantID = "<tenant ID>";
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.WithClientSecret(clientSecret)
.Build();
ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authenticationProvider);
var result = graphClient.Groups["<group ID>"].Members.Request().GetAsync().GetAwaiter().GetResult();
foreach (var user in result) {
Console.WriteLine(user.Id);
}
}
}
}
更新 2:
如果您在查询组成员时遇到一些权限异常,请转到 Azure AD => 应用程序注册 => 找到您的应用程序 => API 权限 => 添加权限 => Microsoft graph api => 申请权限 => GroupMember.Read.All :
然后单击此按钮完成授权过程:
我使用 Azure AD 身份验证创建了一个新的 Blazor 应用程序。登录功能按预期工作。现在我需要检索特定组的用户列表。在 Azure AD 上,我创建了一个客户端密码。此外,我添加了 Microsoft.Graph 权限 Directory.Read.All、Group.Read.All 和 GroupMember.Read.All,并授予管理员权限。
权限如下:
这是我用来检索群组用户的代码:
var scopes = new string[] { "https://graph.microsoft.com/.default" };
var confidentialClient = ConfidentialClientApplicationBuilder
.Create(_adSettings.ClientId)
.WithAuthority($"{_adSettings.Instance}/{_adSettings.TenantId}/ v2.0")
.WithClientSecret(_adSettings.ClientSecret)
.Build();
GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {
// Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
var authResult = await confidentialClient.AcquireTokenForClient(scopes).ExecuteAsync();
// Add the access token in the Authorization header of the API
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
}));
var members = await graphServiceClient.Groups["mygroup@mydomain.com"]
.Members
.Request()
.GetAsync();
最后一条语句抛出异常:
An error occurred sending the request. HttpStatusCode: 404: NotFound
我试着换成
var users = await graphServiceClient.Users.Request().GetAsync();
但结果是一样的
您应该指定群组对象 ID 而不是群组名称:
我的测试组:
测试代码及结果:
更新:
这是用于此测试的 C# 控制台应用程序代码,希望对您有所帮助:
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;
using System;
namespace graphsdktest
{
class Program
{
static void Main(string[] args)
{
var clientId = "<Azure AD App ID>";
var clientSecret = "<App secret>";
var tenantID = "<tenant ID>";
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithTenantId(tenantID)
.WithClientSecret(clientSecret)
.Build();
ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication);
var graphClient = new GraphServiceClient(authenticationProvider);
var result = graphClient.Groups["<group ID>"].Members.Request().GetAsync().GetAwaiter().GetResult();
foreach (var user in result) {
Console.WriteLine(user.Id);
}
}
}
}
更新 2:
如果您在查询组成员时遇到一些权限异常,请转到 Azure AD => 应用程序注册 => 找到您的应用程序 => API 权限 => 添加权限 => Microsoft graph api => 申请权限 => GroupMember.Read.All :
然后单击此按钮完成授权过程: