I am trying to get the list of groups an Azure AD user belongs to using the token generated in the "implicit flow" in .NET Core. The token has no group information.
I am using the "implicit flow" described in the following link: .NET Core and Azure Active Directory integration
The following shows how to do this in .NET Framework, but .NET Core does not have the "ActiveDirectoryClient" class.
Get a list of groups that Azure AD user belongs to in claims
Any help is much appreciated!
Derek
Answer 0 (score: 2)
You can first set the groupMembershipClaims property in the manifest to SecurityGroup, and then, after sign-in, get the group list in ASP.NET Core:
var groups = User.Claims.Where(c => c.Type == "groups").ToList();
Update:
You can then call the Azure AD Graph API to get the group information. First refer to the code sample: https://github.com/Azure-Samples/active-directory-dotnet-webapp-webapi-openidconnect-aspnetcore
In the .NET Core app you can take the group object ID and call the Graph API:
https://graph.windows.net/myorganization/groups/<objectid>?api-version=1.6
You can set the Read all groups delegated permission for your app under Windows Azure Active Directory in the Required permissions blade. Then try the code below to get the group name:
// Requires: using System.Net.Http; using System.Net.Http.Headers;
//           using Microsoft.IdentityModel.Clients.ActiveDirectory; using Newtonsoft.Json;
try
{
    // Group object IDs from the "groups" claim (requires groupMembershipClaims in the manifest).
    var groups = User.Claims.Where(c => c.Type == "groups").ToList();
    string userObjectID = (User.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value;
    // Acquire a Graph token silently from the cache populated at sign-in (NaiveSessionCache comes from the sample).
    AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID, HttpContext.Session));
    ClientCredential credential = new ClientCredential(Startup.ClientId, Startup.ClientSecret);
    AuthenticationResult result = await authContext.AcquireTokenSilentAsync(Startup.GraphResourceId, credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
    //
    // Retrieve the group information for each group object ID in the token.
    //
    HttpClient client = new HttpClient();
    foreach (var group in groups)
    {
        HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "https://graph.windows.net/myorganization/groups/" + group.Value + "?api-version=1.6");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        HttpResponseMessage response = await client.SendAsync(request);
        if (response.IsSuccessStatusCode)
        {
            String responseString = await response.Content.ReadAsStringAsync();
            var model = JsonConvert.DeserializeObject<RootObject>(responseString);
            var groupName = model.displayName;
        }
        else if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
        {
            // Graph rejected the token: the Read all groups permission is missing or consent was not granted.
        }
    }
}
catch (Exception ee)
{
    // Log ee; an AdalSilentTokenAcquisitionException means the cache has no token and the user must sign in again.
}
The group entity is shown below for your reference:
public class RootObject
{
public string objectType { get; set; }
public string objectId { get; set; }
public object deletionTimestamp { get; set; }
public string description { get; set; }
public object dirSyncEnabled { get; set; }
public string displayName { get; set; }
public object mail { get; set; }
public string mailNickname { get; set; }
public bool mailEnabled { get; set; }
public bool securityEnabled { get; set; }
}
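Added example, not part of the original answer: the `groups` claim only appears when the token is small enough to hold the full list. When the user is in more groups than Azure AD will put in the token, Azure AD omits `groups` and instead emits `hasgroups: true` (implicit flow) or `_claim_names`/`_claim_sources` (other flows), so a `Where(c => c.Type == "groups")` that comes back empty does not mean the user has no groups. The helper below reads the claim, distinguishes the three cases so the app can fall back to querying the directory, and checks membership by group object ID rather than display name. The class names `GroupClaims`/`GroupClaimsDemo`, the `Read`/`IsMemberOf` methods and the GUIDs are assumptions made up for the example; the claim names are the ones Azure AD documents.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added example (not from the original answer). Reads group membership from the
// claims Azure AD put in the token, and distinguishes "no groups" from the
// "groups overage" case, in which Azure AD omits the groups claim entirely.
public static class GroupClaims
{
    // Claim types Azure AD uses for group membership and for the overage marker.
    public const string GroupsClaim = "groups";
    public const string HasGroupsClaim = "hasgroups";        // implicit-flow overage marker
    public const string ClaimNamesClaim = "_claim_names";    // overage marker in other flows

    public enum Outcome { GroupsPresent, Overage, NoGroups }

    public sealed class Result
    {
        public Outcome Outcome { get; set; }
        // Group object IDs (GUIDs); Azure AD never emits display names in this claim.
        public IReadOnlyList<string> GroupIds { get; set; } = Array.Empty<string>();
    }

    public static Result Read(ClaimsPrincipal user)
    {
        if (user == null) throw new ArgumentNullException(nameof(user));

        var ids = user.FindAll(GroupsClaim)
                      .Select(c => c.Value)
                      .Where(v => Guid.TryParse(v, out _))   // only object IDs are trusted
                      .Distinct(StringComparer.OrdinalIgnoreCase)
                      .ToList();

        if (ids.Count > 0)
            return new Result { Outcome = Outcome.GroupsPresent, GroupIds = ids };

        // Too many groups: the token carries a marker instead of the list, so the app
        // must query the directory (Graph) rather than treat the user as memberless.
        bool overage =
            string.Equals(user.FindFirst(HasGroupsClaim)?.Value, "true", StringComparison.OrdinalIgnoreCase)
            || user.HasClaim(c => c.Type == ClaimNamesClaim && c.Value.Contains("\"groups\""));

        return new Result { Outcome = overage ? Outcome.Overage : Outcome.NoGroups };
    }

    // Authorization check: compare against the group's object ID, never its display name,
    // because display names are not unique and can be changed by anyone who can edit the group.
    public static bool IsMemberOf(ClaimsPrincipal user, Guid groupObjectId)
    {
        var r = Read(user);
        return r.Outcome == Outcome.GroupsPresent
            && r.GroupIds.Contains(groupObjectId.ToString(), StringComparer.OrdinalIgnoreCase);
    }
}

public static class GroupClaimsDemo
{
    // Constructed sample principals standing in for the signed-in user; the GUIDs are made up.
    static ClaimsPrincipal Principal(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "AzureAD"));

    public static void Main()
    {
        var admins = Guid.Parse("3f1b2c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d");

        var withGroups = Principal(
            new Claim("groups", admins.ToString()),
            new Claim("groups", "a5f2d1c3-0b4e-4f6a-9c8d-7e6f5a4b3c2d"),
            new Claim("groups", "not-a-guid"));   // ignored: not an object ID
        var overage = Principal(new Claim("hasgroups", "true"));
        var none = Principal(new Claim("name", "derek"));

        Console.WriteLine(GroupClaims.Read(withGroups).Outcome);
        Console.WriteLine(GroupClaims.IsMemberOf(withGroups, admins));
        Console.WriteLine(GroupClaims.Read(overage).Outcome);
        Console.WriteLine(GroupClaims.Read(none).Outcome);
    }
}
```

In the `Overage` case the app should call the directory for the user's memberships (the Graph call in the answer above, or the user's memberOf endpoint) rather than treating the empty claim as "no groups"; in the `NoGroups` case, check first that groupMembershipClaims is actually set in the manifest, since that is the usual reason the claim is absent.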