我能够在Azure上查询活动目录并提供用户信息,例如姓名,国家/地区,部门等。
但是,我想知道登录用户所属的群组。我用来带来用户信息的功能如下:
public IUser GetUserData()
{
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantID);
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
async () => await GetTokenForApplication());
// use the token for querying the graph to get the user details
IUser user = activeDirectoryClient.Users
.Where(u => u.ObjectId.Equals(userObjectID))
.ExecuteAsync().Result.CurrentPage.ToList().First();
return user;
}
我尝试使用' activeDirectoryClient' GetUserData方法中的变量,用于检查用户是否是以下组中的成员:
bool d = activeDirectoryClient.IsMemberOfAsync("group1", userObjectID).Result.Value;
然而,它没有用!!
我还找到了这个解决方案here,接受了它,并按照以下方式进行了自定义:
public async Task<IList<String>> GetGroups(IUser user)
{
IList<String> groupMembership = new List<String>();
var userFetcher = (IUserFetcher)user;
IPagedCollection<IDirectoryObject> pagedCollection = await userFetcher.MemberOf.ExecuteAsync();
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
var group = directoryObject as Group;
groupMembership.Add(group.DisplayName);
test.Text += group.DisplayName;
}
}
pagedCollection = await pagedCollection.GetNextPageAsync();
} while (pagedCollection != null);
return groupMembership;
}
我正在使用存储在我的web.config文件中的全局变量
private static string clientId = ConfigurationManager.AppSettings["ida:ClientID"];
private static string appKey = ConfigurationManager.AppSettings["ida:ClientSecret"];
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string graphResourceId = "https://graph.windows.net";
如何检查用户是否&#39;有一个名为&#39; group1&#39;
的组谢谢!
答案 0 :(得分:1)
尝试使用 IUserFetcher.Memberof 。
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
async () => await GetTokenForApplication());
IList<string> groupMembership = new List<string>();
IUser user = activeDirectoryClient.Users.Where(u => u.ObjectId.Equals(userObjectID)).ExecuteAsync().Result.CurrentPage.ToList().First();
var userFetcher = (IUserFetcher)user;
IPagedCollection<IDirectoryObject> pagedCollection = userFetcher.MemberOf.ExecuteAsync().Result;
do
{
List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
foreach (IDirectoryObject directoryObject in directoryObjects)
{
if (directoryObject is Group)
{
var group = directoryObject as Group;
groupMembership.Add(group.DisplayName);
}
}
pagedCollection = pagedCollection.GetNextPageAsync().Result;
} while (pagedCollection != null);
答案 1 :(得分:0)
因此,图谱API具有isMemberOf,您可以查询以检查用户是否是特定组的成员。参考链接:https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/functions-and-actions#isMemberOf