如何使用CSP Global Admin凭据在Azure AD中为租户注册应用程序?

时间:2019-04-10 09:50:04

标签: c# azure azure-active-directory azure-resource-manager azure-ad-graph-api

我的目标是使用C#的CSP Global Admin Account在Azure Active Directory中为我的租户创建一个应用程序。

通过PowerShell命令进行操作。

Login-AzureRmAccount ==> CSP Global admin credentials
Select-AzureRmSubscription -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(Enter your Customer Microsoft ID)" ==> Select a tenant where I want to create application
$password = ConvertTo-SecureString "SomePass@123" -asplaintext -force
New-AzureRmADApplication -DisplayName "MyApp" -HomePage "http://MyApp" -IdentifierUris "http://MyApp" -Password $password ==> Application created in the above mentioned tenants account.


请帮助我在C#中执行相同的操作。

2 个答案:

答案 0 :(得分:0)

您可以使用Microsoft Graph API Beta version 在Azure门户上创建新应用程序

  

注意:调用此API需要以下权限之一。要了解更多信息,包括如何选择权限,请参阅   Permissions。看到下面的屏幕截图

enter image description here

请求格式

  

https://graph.microsoft.com/beta/applications

更新

我已经尝试过这种方式:

来自Microsoft Graph Explorer的请求

按如下所示设置请求正文

{
  "displayName": "Your Application Name"
}

请参见下面的屏幕截图

enter image description here

Azure门户:

成功响应后,在天蓝色门户网站上进行了检查

enter image description here

  

要记住的地方

     

如果您尝试使用Microsoft Graph Explorer,则必须设置以下权限。

请参见下面的屏幕截图

enter image description here

有关更多信息,您可以检查here

  

注意:Microsoft Graph中/ beta版本下的API可能会更改。不能在生产应用程序中使用这些API   支持。

答案 1 :(得分:0)

    public static string postRequest(string url, string access_token, string data)
    {
        byte[] buffer = null;
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        request.Method = "post";
        request.ContentType = "application/json";
        request.Headers.Add("Authorization", "Bearer " + access_token);
        //request.Headers.Add("other header", "it's value");
        if (data != null)
            buffer = Encoding.UTF8.GetBytes(data);
        else
            buffer = Encoding.UTF8.GetBytes("");
        request.ContentLength = buffer.Length;
        request.GetRequestStream().Write(buffer, 0, buffer.Length);
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
        {
            return response.StatusCode + " " + reader.ReadToEnd();
        }
    }


    public class PasswordCredential
    {
        public string startDate;
        public string endDate;
        public string keyId;
        public string value;
    }

    public class AppConfiguration
    {
        public bool availableToOtherTenants;
        public string displayName;
        public string homepage;
        public List<string> identifierUris = new List<string>();
        public List<PasswordCredential> passwordCredentials = new List<PasswordCredential>();
    }

    static void Main(string[] args)
    {
        string tenantId = @"customer tenant id";
        string resource = @"https://graph.windows.net/";
        string clientId = @"1950a258-227b-4e31-a9cf-717495945fc2";
        string returnUri = @"urn:ietf:wg:oauth:2.0:oob";

        var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId);

        var uri = new Uri(returnUri);
        var platformParams = new PlatformParameters(PromptBehavior.Always);
        var authResult = context.AcquireTokenAsync(resource, clientId, uri, platformParams).Result;
        var accessToken = authResult.AccessToken;

        var url = @"https://graph.windows.net/{customer_tenant_id}/applications?api-version=1.6";

        var passwordCredential = new PasswordCredential();
        passwordCredential.startDate = DateTime.UtcNow.ToString("yyyy-MM-ddThh:mm:ssZ");
        passwordCredential.endDate = DateTime.UtcNow.AddYears(1).ToString("yyyy-MM-ddThh:mm:ssZ");
        passwordCredential.keyId = Guid.NewGuid().ToString();
        passwordCredential.value = "TestPassword1.";

        var appConfiguration = new AppConfiguration();
        appConfiguration.availableToOtherTenants = false;
        appConfiguration.displayName = "MyApp";
        appConfiguration.homepage = "Https://MyApp";
        appConfiguration.identifierUris.Add("https://MyApp");
        appConfiguration.passwordCredentials.Add(passwordCredential);

        var body = JsonConvert.SerializeObject(appConfiguration);
        //Console.WriteLine(body);

        var result = postRequest(url, accessToken, body);
        Console.WriteLine(result);

        Console.ReadLine();
    }

我使用ADAL,Newtonsoft.Json和HttpWebRequest为您快速创建了一个示例。您可以先尝试使用此代码段。

  

更新:不建议对用户名和密码进行硬编码。如果启用MFA,则可能无法获得令牌。如果MFA   已被禁用,您可以尝试以下代码片段:

    string userName = @"xxxx@xxxx.onmicrosoft.com";
    string passWord = @"password";

    var context = new AuthenticationContext("https://login.microsoftonline.com/tenant_id");

    result = context.AcquireTokenAsync(
          resource,
          clientid,
          new UserPasswordCredential(userName, passWord)).Result;