How to get the values of custom Azure AD B2C user profile attributes

Time: 2017-11-17 11:34:40

Tags: microsoft-graph azure-ad-b2c

I have an Azure AD B2C tenant and application with authentication enabled through Facebook, other AAD tenants and local accounts. The users in B2C have some custom fields which are populated at sign-up and used as claims in the JWT token.

But I cannot see the values of these fields anywhere in the Azure portal, nor with the Microsoft Graph API.

Where are they stored and how can I access them?

2 answers:

Answer 0 (score: 4)

You can access custom claims either by including them in the token sent to your app, or by querying the Azure AD Graph API (not Microsoft Graph).

  1. Include the custom claims in the token: in the B2C blade of the Azure portal, select the policy you are using, click "Edit", then "Application claims", and select the custom attribute. Full documentation
  2. Query the Azure AD Graph API: register an Azure AD application and query the Azure AD Graph API. Full documentation
  3. Here is some C# code for #2:

    using System;
    using System.Net;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL
    using Newtonsoft.Json;
    
    public class B2CGraphClient
    {
        // The client_id, client_secret, and tenant would normally be pulled in from the App.config file
        private const string ClientId = "YOUR_CLIENT_ID";
        private const string ClientSecret = "YOUR_CLIENT_SECRET";
        private const string Tenant = "yourtenant.onmicrosoft.com";
    
        // Azure AD Graph API version appended to every request (the sample's Globals.aadGraphVersion)
        private const string AadGraphVersion = "api-version=1.6";
    
        private readonly AuthenticationContext authContext;
        private readonly ClientCredential credential;
    
        public B2CGraphClient()
        {
            this.authContext = new AuthenticationContext("https://login.microsoftonline.com/" + Tenant);
    
            // The ClientCredential is where you pass in your client_id and client_secret, which are
            // provided to Azure AD in order to receive an access_token using the app's identity.
            this.credential = new ClientCredential(ClientId, ClientSecret);
        }
    
        // Returns the raw JSON of one user object, including its extension_* custom attributes.
        // Usage: string json = await new B2CGraphClient().GetUserByObjectId("OID_OF_THE_USER");
        public async Task<string> GetUserByObjectId(string userObjectId)
        {
            // First, use ADAL to acquire a token using the app's identity (the credential).
            // The first parameter is the resource we want an access_token for; in this case, the Graph API.
            AuthenticationResult result = await authContext.AcquireTokenAsync("https://graph.windows.net", credential);
    
            // For B2C user management, be sure to use the Azure AD Graph API for now.
            HttpClient http = new HttpClient();
            string api = "/users/" + userObjectId;
            string url = "https://graph.windows.net/" + Tenant + api + "?" + AadGraphVersion;
    
            // Append the access token for the Graph API to the Authorization header of the request, using the Bearer scheme.
            HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
            HttpResponseMessage response = await http.SendAsync(request);
    
            if (!response.IsSuccessStatusCode)
            {
                string error = await response.Content.ReadAsStringAsync();
                object formatted = JsonConvert.DeserializeObject(error);
                throw new WebException("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
            }
    
            return await response.Content.ReadAsStringAsync();
        }
    }


Answer 1 (score: 2)

See this guide on adding custom claims/attributes to the JWT: Use custom attributes to collect information about your consumers

See this guide: Use the Azure AD Graph API sample app, to view the custom claims through the Azure AD Graph API.

In the Graph API they are returned as: extension_[GUID]_[ClaimName]
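The following is an added example, not code from the question or from either answer. It ties the two answers together: it builds the same `/{tenant}/users/{objectId}?api-version=1.6` Graph URL that the C# snippet in answer 0 calls, and it reads the `extension_[GUID]_[ClaimName]` properties described in answer 1 out of a user object, mapping them back to plain claim names. The GUID is the application id of the tenant's extensions application with the dashes removed, so the parser optionally checks that id and ignores extension properties registered by any other application instead of silently merging them. The tenant name, the extensions app id, the user object id and the JSON user object below are all constructed placeholders; only the `fetch_user` helper talks to the network and it is not exercised offline.

```python
"""Added example: read Azure AD B2C custom attributes from an Azure AD Graph user object.

Assumed/constructed values (not from the page): the tenant name, the extensions
application id, the user object id and the sample JSON response.
"""
import json
import re
import urllib.request
from typing import Dict, Optional

GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "api-version=1.6"  # the Azure AD Graph version the C# sample targets

# B2C stores custom attributes on the user object as properties named
# extension_<extensions app id without dashes>_<attribute name>.
EXTENSION_RE = re.compile(r"^extension_([0-9a-fA-F]{32})_(.+)$")


def user_url(tenant: str, user_object_id: str) -> str:
    """Build the Graph URL for one user: {base}/{tenant}/users/{objectId}?api-version=1.6."""
    return f"{GRAPH_BASE}/{tenant}/users/{user_object_id}?{API_VERSION}"


def extract_extension_attributes(user: dict, expected_app_id: Optional[str] = None) -> Dict[str, object]:
    """Map extension_<guid>_<name> properties of a user object to {name: value}.

    When expected_app_id is given (dashes optional), only properties registered by
    that application are returned; extension properties from other apps are dropped.
    """
    wanted = expected_app_id.replace("-", "").lower() if expected_app_id else None
    found: Dict[str, object] = {}
    for prop, value in user.items():
        m = EXTENSION_RE.match(prop)
        if not m:
            continue  # ordinary property such as objectId or displayName
        app_id, name = m.group(1).lower(), m.group(2)
        if wanted is not None and app_id != wanted:
            continue  # registered by a different application; not one of our claims
        found[name] = value
    return found


def fetch_user(tenant: str, user_object_id: str, access_token: str) -> dict:
    """GET the user object with a bearer token (network call; not run offline)."""
    req = urllib.request.Request(
        user_url(tenant, user_object_id),
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample data shaped like an Azure AD Graph user object.
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"  # placeholder extensions app id
_OURS = SAMPLE_APP_ID.replace("-", "")
_OTHER = "9" * 32  # placeholder id of some unrelated application
SAMPLE_USER_JSON = json.dumps({
    "objectId": "00000000-0000-0000-0000-000000000001",
    "displayName": "Sample User",
    f"extension_{_OURS}_LoyaltyNumber": "A-1234",
    f"extension_{_OURS}_City": "Tallinn",
    f"extension_{_OTHER}_Other": "from another app",
})


def demo(expected_app_id: Optional[str] = SAMPLE_APP_ID) -> Dict[str, object]:
    """Parse the constructed sample response and return its custom attributes."""
    return extract_extension_attributes(json.loads(SAMPLE_USER_JSON), expected_app_id)


if __name__ == "__main__":
    print(user_url("yourtenant.onmicrosoft.com", "OID_OF_THE_USER"))
    print(demo())        # only the attributes registered by SAMPLE_APP_ID
    print(demo(None))    # every extension_* property, regardless of app
```

Passing the extensions app id is the part worth keeping in real code: the property name is the only thing that tells you which application defined an attribute, so a reader that accepts any `extension_*` prefix will happily treat a same-named attribute from another app as one of its own claims.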