How to create a user with custom attributes in AAD B2C using the Graph API

Time: 2019-01-09 16:19:05

Tags: azure-ad-b2c azure-ad-graph-api

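In my B2C tenant I have defined 4 custom user attributes. Using the CLI application defined here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet#create-consumer-user-accounts, when I add a custom attribute to the .json used to create the user, for example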

{
  "accountEnabled": true,
  "signInNames": [
    {
      "type": "emailAddress",
      "value": "mail@example.com"
    }
  ],
  "creationType": "LocalAccount",
  "displayName": "Joe Consumer",
  "passwordProfile": {
    "password": "P@ssword!",
    "forceChangePasswordNextLogin": false
  },
  "passwordPolicies": "DisablePasswordExpiration",
  "canViewSoccer": true
}

I get the error:

Error Calling the Graph API:
{
  "odata.error": {
    "code": "Request_BadRequest",
    "message": {
      "lang": "en",
      "value": "One or more property values specified are invalid."
    },
    "date": "2019-01-09T16:07:16",
    "requestId": "a1e30ffb-c675-4def-9741-d2a6aceb96c7",
    "values": null
  }
}

What do I need to do to use my custom attributes when creating a user?

3 answers:

Answer 0 (score: 1)

See the following sample, UserService.CreateUserWithCustomAttribute(): https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/4-WebApp-your-API/4-2-B2C

public static async Task CreateUserWithCustomAttribute(GraphServiceClient graphClient, string b2cExtensionAppClientId, string tenantId)
{
    if (string.IsNullOrWhiteSpace(b2cExtensionAppClientId))
    {
        throw new ArgumentException("B2C Extension App ClientId (ApplicationId) is missing in the appsettings.json. Get it from the App Registrations blade in the Azure portal. The app registration has the name 'b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.'.", nameof(b2cExtensionAppClientId));
    }

    // Declare the names of the custom attributes
    const string customAttributeName1 = "FavouriteSeason";
    const string customAttributeName2 = "LovesPets";

    // Get the complete name of the custom attribute (Azure AD extension)
    Helpers.B2cCustomAttributeHelper helper = new Helpers.B2cCustomAttributeHelper(b2cExtensionAppClientId);
    string favouriteSeasonAttributeName = helper.GetCompleteAttributeName(customAttributeName1);
    string lovesPetsAttributeName = helper.GetCompleteAttributeName(customAttributeName2);

    Console.WriteLine($"Create a user with the custom attributes '{customAttributeName1}' (string) and '{customAttributeName2}' (boolean)");

    // Fill custom attributes
    IDictionary<string, object> extensionInstance = new Dictionary<string, object>();
    extensionInstance.Add(favouriteSeasonAttributeName, "summer");
    extensionInstance.Add(lovesPetsAttributeName, true);

    try
    {
        // Create user
        var result = await graphClient.Users
        .Request()
        .AddAsync(new User
        {
            GivenName = "Casey",
            Surname = "Jensen",
            DisplayName = "Casey Jensen",
            Identities = new List<ObjectIdentity>
            {
                new ObjectIdentity()
                {
                    SignInType = "emailAddress",
                    Issuer = tenantId,
                    IssuerAssignedId = "casey.jensen@example.com"
                }
            },
            PasswordProfile = new PasswordProfile()
            {
                Password = Helpers.PasswordHelper.GenerateNewPassword(4, 8, 4)
            },
            PasswordPolicies = "DisablePasswordExpiration",
            AdditionalData = extensionInstance
        });

        string userId = result.Id;

        Console.WriteLine($"Created the new user. Now get the created user with object ID '{userId}'...");

        // Get created user by object ID
        result = await graphClient.Users[userId]
            .Request()
            .Select($"id,givenName,surName,displayName,identities,{favouriteSeasonAttributeName},{lovesPetsAttributeName}")
            .GetAsync();

        if (result != null)
        {
            Console.ForegroundColor = ConsoleColor.Blue;
            Console.WriteLine($"DisplayName: {result.DisplayName}");
            Console.WriteLine($"{customAttributeName1}: {result.AdditionalData[favouriteSeasonAttributeName].ToString()}");
            Console.WriteLine($"{customAttributeName2}: {result.AdditionalData[lovesPetsAttributeName].ToString()}");
            Console.WriteLine();
            Console.ResetColor();
            Console.WriteLine(JsonConvert.SerializeObject(result, Formatting.Indented));
        }
    }
    catch (ServiceException ex) 
    {
        if (ex.StatusCode == System.Net.HttpStatusCode.BadRequest)
        {
            Console.ForegroundColor = ConsoleColor.Red;
            Console.WriteLine($"Have you created the custom attributes '{customAttributeName1}' (string) and '{customAttributeName2}' (boolean) in your tenant?");
            Console.WriteLine();
            Console.WriteLine(ex.Message);
            Console.ResetColor();
        }                
    }
    catch (Exception ex)
    {
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine(ex.Message);
        Console.ResetColor();
    }
}

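If you prefer, you can do without the helper at the top. The string keys in the extensionInstance dictionary will be "extension_{app id}_{property name}", where {app id} is the ID of the default application created for you, named "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.".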

Answer 1 (score: 0)

A custom attribute must be formatted as:

"extension_{app_id}_{property_name}": "{property_value}"

Example:

"extension_917ef9adff534c858b0a683b6e6ec0f3_CanViewSoccer": true

where {app_id} must be set to the application ID of the b2c-extensions-app application that is registered in your Azure AD B2C tenant.

Answer 2 (score: 0)

You must use the application ID of b2c-extensions-app, and the extension attribute name must not contain hyphens. That is,

{ "extension_e716a572-5e58-4d44-a366-ae39913b50f8_canViewSoccer": true }

should be

{ "extension_e716a5725e584d44a366ae39913b50f8_canViewSoccer": true }
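
The naming rule from the answers, applied to the request body in the question. This is an added example in Python, not code from the post or from the Microsoft sample; the function names are hypothetical, the body is a shortened constructed copy of the question's, and the application ID is the one quoted in the last answer, so substitute your own tenant's b2c-extensions-app ID.

```python
import json
import re
import uuid

# Application ID quoted in the last answer; replace with your tenant's b2c-extensions-app ID.
B2C_EXTENSIONS_APP_ID = "e716a572-5e58-4d44-a366-ae39913b50f8"

# Constructed sample: a shortened version of the user body from the question.
QUESTION_BODY = {
    "accountEnabled": True,
    "creationType": "LocalAccount",
    "displayName": "Joe Consumer",
    "canViewSoccer": True,
}

# Keys that already carry the prefix, with or without hyphens in the app ID.
_EXT_KEY = re.compile(r"^extension_(?P<app>[0-9A-Fa-f-]{32,36})_(?P<name>\w+)$")


def extension_attribute_name(app_id, attribute):
    """Build extension_{app id without hyphens}_{attribute name}."""
    # uuid.UUID accepts the ID with or without hyphens and raises ValueError otherwise.
    app_hex = uuid.UUID(app_id).hex
    # Assumption for this example: attribute names are letters, digits and underscores.
    if not re.fullmatch(r"\w+", attribute):
        raise ValueError(f"unexpected attribute name: {attribute!r}")
    return f"extension_{app_hex}_{attribute}"


def qualify_user_body(user, app_id, custom_attributes):
    """Return a copy of the body with custom attributes under their full names."""
    fixed = {}
    for key, value in user.items():
        match = _EXT_KEY.match(key)
        if key in custom_attributes:
            # Bare name, as in the question ("canViewSoccer").
            key = extension_attribute_name(app_id, key)
        elif match:
            # Already prefixed: drop hyphens from the app ID, as the last answer requires.
            key = extension_attribute_name(match["app"], match["name"])
        fixed[key] = value
    return fixed


if __name__ == "__main__":
    body = qualify_user_body(QUESTION_BODY, B2C_EXTENSIONS_APP_ID, {"canViewSoccer"})
    print(json.dumps(body, indent=2))
```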