我正在构建一个使用自定义UI管理Azure AD的应用程序。我已经在Azure AD上创建了一个应用程序,并且能够使用Microsoft Graph REST API Beta通过编程方式以编程方式创建APP和APP角色等操作。 如文档https://docs.microsoft.com/en-us/graph/api/approleassignment-delete?view=graph-rest-beta中所述,我无法使用Delete appRoleAssignment API取消对Azure AD应用程序的用户/组的访问/删除。 当尝试以下两个API URL时,出现错误消息“ Bad Request”。 删除/ users / {id | userPrincipalName} / appRoleAssignments / {id} 删除https://graph.microsoft.com/beta/appRoleAssignments/ {id} 您能指导我达到要求吗?
以下是我的代码示例,我只需要知道正确的API和相应的请求主体即可达到我的要求 以下是我的代码示例
public async Task<Boolean> DoApplicationUnAssignment([FromBody] ApplicationAssignment applicationAssignment)
{
bool isSuccess = false;
string directoryId = _iconfiguration["RLRApp_directoryId"];
try
{
string appRoleAssignmentsapipath = "";
//Get appRoleAssignments
if (string.Equals(applicationAssignment.objectType, "user", StringComparison.OrdinalIgnoreCase))
{
appRoleAssignmentsapipath = $"https://graph.windows.net/{directoryId}/users/{applicationAssignment.objectId}/appRoleAssignments?api-version=1.6";
}
if (string.Equals(applicationAssignment.objectType, "group", StringComparison.OrdinalIgnoreCase))
{
appRoleAssignmentsapipath = $"https://graph.windows.net/{directoryId}/groups/{applicationAssignment.objectId}/appRoleAssignments?api-version=1.6";
}
HttpClient graphAPIClientAD = await GetAzureADAPIClient();
List<AppRoleAssignment> listAppRoleAssignments = null;
HttpResponseMessage response = await graphAPIClientAD.GetAsync(appRoleAssignmentsapipath);
var serializer = new DataContractJsonSerializer(typeof(AppRoleAssignmentsList));
if (response.IsSuccessStatusCode)
{
var streamTask = await response.Content.ReadAsStreamAsync();
AppRoleAssignmentsList apiResponse = serializer.ReadObject(streamTask) as AppRoleAssignmentsList;
listAppRoleAssignments = apiResponse.value;
}
//TO DO -RECHECK-- n.resourceId == applicationAssignment.applicationId
AppRoleAssignment currentAppRoleAssignment = new AppRoleAssignment();
currentAppRoleAssignment = listAppRoleAssignments.Where(n => string.Equals(n.principalType, applicationAssignment.objectType, StringComparison.OrdinalIgnoreCase)
&& n.principalId.ToLower() == applicationAssignment.objectId.ToLower() && n.resourceId.ToLower() == applicationAssignment.appServicePrincipalId.ToLower()).FirstOrDefault();
if (currentAppRoleAssignment != null)
{
string apiUrl = "";
if (string.Equals(applicationAssignment.objectType, "user", StringComparison.OrdinalIgnoreCase))
{
//apiUrl = $"https://graph.microsoft.com/v1.0/users/{applicationAssignment.objectId}/appRoleAssignments/{currentAppRoleAssignment.id}";
apiUrl = $"https://graph.microsoft.com/beta/users/{applicationAssignment.objectId}/appRoleAssignments/{currentAppRoleAssignment.objectId}";
}
else if (string.Equals(applicationAssignment.objectType, "group", StringComparison.OrdinalIgnoreCase))
{
apiUrl = $"https://graph.microsoft.com/beta/groups/{applicationAssignment.objectId}/appRoleAssignments/{currentAppRoleAssignment.id}";
}
HttpClient graphAPIClient = await GetGraphAPIClient();
var apiResponse = await graphAPIClient.DeleteAsync(apiUrl);
dynamic responseContent = apiResponse.Content.ReadAsAsync<ExpandoObject>().Result;
//return responseContent;`enter code here`
isSuccess = true;
}
//DELETE / users /{ id | userPrincipalName}/ appRoleAssignments /{ id}
//DELETE / servicePrincipals /{ id}/ appRoleAssignedTo-- ?
//DELETE / groups /{ id}/ appRoleAssignments /{ id}
}
catch (Exception ex)
{
}
return isSuccess;
}