我是Azure新手。我已将我的MVC 5网站发布到Azure。我有一个组名列表和他们在c#字典中的objectid。 AD组在Azure AD目录中创建。我试图找到登录用户是否是Azure AD组的成员。出于某种原因,我没有成功。当我使用GraphConnection.IsMemberOf()函数时,我收到NUllreferenceException。如果你们有人能帮我解决这个问题会很棒。
这是我的代码
try
{
var userObjectId = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
var authContext = new AuthenticationContext(String.Format(CultureInfo.InvariantCulture, loginUrl, tenant));
var credential = new ClientCredential(clientId, appKey);
var result = authContext.AcquireToken(graphResourceId, credential);
var clientRequestId = Guid.NewGuid();
var graphSettings = new GraphSettings
{
ApiVersion = GraphConfiguration.GraphApiVersion
};
var graphConnection = new GraphConnection(result.AccessToken, clientRequestId, graphSettings);
if (string.IsNullOrEmpty(this.adGroupObjectId))
{
var groups = graphConnection.List<Group>(null, null);
if (groups != null && groups.Results != null)
{
var group = groups.Results.SingleOrDefault(r => r.DisplayName == adGroup);
if (group != null)
adGroupObjectId = group.ObjectId;
}
}
if (adGroupObjectId != null)
inGroup = graphConnection.IsMemberOf(adGroupObjectId, userObjectId);
return inGroup;
}
catch(Exception ex)
{
var message = string.Format("Unable to authorize AD user: {0} against group: {1}", ClaimsPrincipal.Current.Identity.Name, adGroup);
throw new Exception(message, ex);
}
答案 0 :(得分:1)
Akhil,我们最近在Azure AD中启用了应用程序角色和组声明功能。根据您的情况,其中一个应该是合适的。
深度帖子和应用角色视频功能在这里:http://www.dushyantgill.com/blog/2014/12/10/roles-based-access-control-in-cloud-applications-using-azure-ad/
群组声明功能的深潜帖子和视频位于:http://www.dushyantgill.com/blog/2014/12/10/authorization-cloud-applications-using-ad-groups/
希望有所帮助。