Azure ActiveDirectory Graph API GraphClient未返回AD组

时间:2014-12-27 18:46:40

标签: asp.net-mvc azure single-sign-on asp.net-identity adfs

我想从Azure AD中检索用户的组信息。

使用以下Graph API包来实现此目的

  • Microsoft.Azure.ActiveDirectory.GraphClient
  • Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810

我能够从Azure Graph API成功检索用户信息。

但是当我运行此方法来检索用户组时,Fiddler会显示一个成功的HTTP 200响应,其中包含组信息的JSON片段,但该方法本身不会返回IEnumerable。 

IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();

代码似乎没有从此异步请求返回。

当身份验证管道卡住时,生成的体验是空白页面。

完整代码

public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (!incomingPrincipal.Identity.IsAuthenticated == true &&
            _authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name))
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        _authorizationService.AddClaimsToIdentity(((ClaimsIdentity) incomingPrincipal.Identity));

        Claim tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim);

        if (tenantClaim == null)
        {
            throw new NotSupportedException("Tenant claim not available, role authentication is not supported");
        }

        string tenantId = tenantClaim.Value;
        string authority = String.Format(CultureInfo.InvariantCulture, _aadInstance, _tenant);
        Uri servicePointUri = new Uri("https://graph.windows.net");
        ClientCredential clientCredential = new ClientCredential(_clientId, _password);

        AuthenticationContext authContext = new AuthenticationContext(authority, true);
        AuthenticationResult result = authContext.AcquireToken(servicePointUri.ToString(), clientCredential);
        Token = result.AccessToken;

        ActiveDirectoryClient activeDirectoryClient =
            new ActiveDirectoryClient(new Uri(servicePointUri, tenantId),
                async () => await AcquireTokenAsync());

       IUser user = activeDirectoryClient
           .Users
           .Where(x => x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name))
           .ExecuteAsync()
           .Result
           .CurrentPage
           .ToList()
           .FirstOrDefault();

        if (user == null)
        {
            throw new NotSupportedException("Unknown User.");
        }          

       IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();


        return incomingPrincipal;
    }

2 个答案:

答案 0 :(得分:4)

我有同样的问题。根据文档更改后,我的代码正在运行 https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet 

        IUserFetcher retrievedUserFetcher = (User) user;
        IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
        do {
            List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
            foreach (IDirectoryObject directoryObject in directoryObjects) {
                if (directoryObject is Group) {
                    Group group = directoryObject as Group;
                    ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
                        new Claim(ClaimTypes.Role, group.DisplayName, ClaimValueTypes.String, "GRAPH"));
                }
            }
            pagedCollection = pagedCollection.GetNextPageAsync().Result;
        } while (pagedCollection != null && pagedCollection.MorePagesAvailable);

答案 1 :(得分:0)

IEnumerable,string groups = user.GetMemberGroupsAsync(false).Result.ToList()不起作用,因为结果不是IEnumerable类型的字符串。

IEnumerable<string> groups = await user.GetMemberGroupsAsync(false);

上面的代码会返回正确的类型。

相关问题
最新问题