我已经参考了论坛中的其他链接，目前有以下代码可以获取指定 UPN 用户所属的安全组：
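/// <summary>
/// Returns the NT-style account names ("DOMAIN\Group") of every group the
/// Windows identity resolved for <paramref name="userName"/> belongs to, sorted.
/// </summary>
/// <param name="userName">User principal name that Windows integrated authentication can resolve.</param>
/// <returns>
/// Sorted list of translated group names. Groups whose SID cannot be mapped to a
/// name are omitted, so the list is a best-effort view and should not be the sole
/// basis for an allow/deny decision.
/// </returns>
/// <exception cref="IdentityNotMappedException">Never propagated; unmappable SIDs are skipped.</exception>
private List<string> GetGroups(string userName)
{
    List<string> result = new List<string>();
    // WindowsIdentity is IDisposable (it owns a logon token handle); the original
    // never disposed it and leaked one handle per call.
    using (WindowsIdentity wi = new WindowsIdentity(userName))
    {
        foreach (IdentityReference group in wi.Groups)
        {
            try
            {
                result.Add(group.Translate(typeof(NTAccount)).ToString());
            }
            catch (IdentityNotMappedException)
            {
                // Orphaned or foreign SID with no resolvable name: skip it.
                // Only this case is swallowed; the original caught every Exception,
                // which hid lookup/infrastructure failures behind a shorter group list.
            }
        }
    }
    result.Sort();
    return result;
}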
但同样的代码在 Azure AD 下不起作用。于是我尝试了下面的代码，但找不到读取当前用户所属安全组名称的方法：
// Read the signed-in user's display name and UPN from the claims issued by the
// identity provider (the Azure AD / OpenID Connect sign-in).
// NOTE(review): FindFirst returns null when a claim is absent, so .Value throws
// NullReferenceException — confirm both claims are issued for every user type
// (e.g. guest accounts) before relying on this.
var principal = ClaimsPrincipal.Current;
var displayName = principal.FindFirst(ClaimTypes.Name).Value;
var upn = principal.FindFirst(ClaimTypes.Upn).Value;
答案 0 :(得分:1)
您问题中的代码针对的是使用 Windows 集成身份验证（WIA）登录的用户。使用 Azure AD 时，通常是通过公共 Internet、借助 OpenID Connect 等身份验证协议进行身份验证，这些协议工作在网络层之上的应用层。因此调用者身份的表示形式也不同（由令牌中的声明而不是 Windows 安全令牌来表示）。有关在 Azure AD 中使用组（组声明和应用程序角色）的指导和有用链接，请参阅 http://blogs.technet.com/b/ad/archive/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles.aspx。
答案 1 :(得分:0)
刚看到你的问题。问题在于需要解析用户的 memberOf 属性；下面给你一个示例，帮助你找到安全组名称。
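// Lists the security-enabled groups of every user whose UPN starts with searchString,
// using the Azure AD Graph client (activeDirectoryClient is assumed to be an
// authenticated ActiveDirectoryClient from the surrounding code).
// NOTE(review): StartsWith is a prefix match, so "upnname" also matches
// "upnname2@..."; use an exact UserPrincipalName comparison when resolving one user.
var searchString = "upnname";
try
{
    // Only the first page of matching users is consulted; widen with paging if the
    // prefix can match more users than one page holds.
    List<IUser> users = activeDirectoryClient.Users
        .Where(User => User.UserPrincipalName.StartsWith(searchString))
        .ExecuteAsync().Result.CurrentPage.ToList();
    foreach (IUser user in users)
    {
        IUserFetcher userfetch = user as IUserFetcher;
        IList<Group> groupMembership = new List<Group>();
        IPagedCollection<IDirectoryObject> pagedCollection = userfetch.MemberOf.ExecuteAsync().Result;
        // Walk every page of memberOf. The original read only CurrentPage, so a user
        // with more groups than one page holds silently appeared to lack memberships —
        // dangerous if this list feeds an authorization decision.
        while (pagedCollection != null)
        {
            foreach (IDirectoryObject directoryObject in pagedCollection.CurrentPage)
            {
                Group group = directoryObject as Group;
                // Distribution lists also appear in memberOf; keep security groups only.
                if (group != null && group.SecurityEnabled == true)
                {
                    groupMembership.Add(group);
                    Console.WriteLine("UserPrincinpleName:{0} Group DisplayName:{1}", user.UserPrincipalName, group.DisplayName);
                }
            }
            pagedCollection = pagedCollection.MorePagesAvailable
                ? pagedCollection.GetNextPageAsync().Result
                : null;
        }
    }
}
catch (Exception e)
{
    // A failure here is reported only on the console and otherwise looks like
    // "no groups"; callers must not treat the absence of output as a denial decision.
    Console.WriteLine("\nError getting Group {0} {1}",
        e.Message, e.InnerException != null ? e.InnerException.Message : "");
}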
Azure AD B2C 的情况有所不同（它不以同样的方式提供 memberOf/组信息）。如果你还有疑问，请随时联系。
答案 2 :(得分:0)
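// One shared client: creating a new HttpClient per call (as the original did) keeps
// opening sockets and can exhaust them under load.
private static readonly HttpClient s_graphClient = new HttpClient();

/// <summary>
/// Looks up the display name of an Azure AD directory object (user, group, ...) by
/// calling the Graph API "directoryObjects/{id}" endpoint with a token acquired
/// silently on behalf of the signed-in user.
/// </summary>
/// <param name="objectId">
/// Object id of the directory object. It is URL-escaped before being placed in the
/// request path so a crafted value cannot inject extra path segments or query parameters.
/// </param>
/// <returns>
/// "displayName (objectType)" on success; null when the Graph call does not succeed
/// or returns no body.
/// </returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="objectId"/> is null or whitespace.</exception>
/// <remarks>
/// The original only returned inside the success branch, so a non-2xx response fell
/// off the end of the method (CS0161: not all code paths return a value). The return
/// is now unconditional. Blocking on .Result is kept to preserve the synchronous signature.
/// </remarks>
public static string LookupDisplayNameOfAADObject(string objectId)
{
    if (string.IsNullOrWhiteSpace(objectId))
    {
        throw new ArgumentException("objectId must not be null or empty", "objectId");
    }

    System.Security.Claims.ClaimsPrincipal principal = System.Security.Claims.ClaimsPrincipal.Current;
    string tenantId = principal.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
    string signedInUserID = principal.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value;
    string userObjectID = principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

    // Client secret comes from configuration; keep it out of source control and logs.
    ClientCredential credential = new ClientCredential(
        ConfigurationManager.AppSettings["ida:ClientId"],
        ConfigurationManager.AppSettings["ida:ClientSecret"]);
    // Token cache is keyed by the signed-in user so one user's tokens are never served to another.
    AuthenticationContext authContext = new AuthenticationContext(
        string.Format(ConfigurationManager.AppSettings["ida:Authority"], tenantId),
        new ADALTokenCache(signedInUserID));
    AuthenticationResult result = authContext.AcquireTokenSilent(
        ConfigurationManager.AppSettings["ida:GraphAPIIdentifier"],
        credential,
        new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

    // objectId is escaped so it stays a single path segment; the original interpolated
    // it raw, letting a value such as "../users?..." reshape the request.
    string doQueryUrl = string.Format("{0}/{1}/directoryObjects/{2}?api-version={3}",
        ConfigurationManager.AppSettings["ida:GraphAPIIdentifier"],
        tenantId,
        Uri.EscapeDataString(objectId),
        ConfigurationManager.AppSettings["ida:GraphAPIVersion"]);

    string objectDisplayName = null;
    using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, doQueryUrl))
    {
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        using (HttpResponseMessage response = s_graphClient.SendAsync(request).Result)
        {
            if (response.IsSuccessStatusCode)
            {
                string responseString = response.Content.ReadAsStringAsync().Result;
                var directoryObject = System.Web.Helpers.Json.Decode(responseString);
                if (directoryObject != null)
                {
                    objectDisplayName = string.Format("{0} ({1})", directoryObject.displayName, directoryObject.objectType);
                }
            }
            // NOTE(review): a non-success status is reported only as a null return; log
            // response.StatusCode here if callers need to tell "not found" from "unauthorized".
        }
    }
    return objectDisplayName;
}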