根据this documentation,您应该能够通过Microsoft Graph创建一个appRoleAssignment,但这是行不通的。在GitHub issue中,我被指示在此处创建问题。我们已经将大多数代码从Azure Graph API迁移到了Microsoft Graph,这是最后一个缺少的部分。
答案 0 :(得分:3)
这终于对我有用!
可能会有更优化的方式来发布JSON,但我必须转至基本知识,以确保没有任何原因导致这种情况在后台消失。
const string ROLE_ASSIGNMENT_FORMATTER = "https://graph.microsoft.com/beta/servicePrincipals/{0}/appRoleAssignments";
public static async Task AddApplicationUsers(string enterpriseAppId, string userId, string roleId)
{
HttpClient client = new HttpClient();
string url = string.Format(ROLE_ASSIGNMENT_FORMATTER, enterpriseAppId);
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", await GetAccessToken());
var roleAssignment = new
{
appRoleId = roleId,
principalId = userId,
resourceId = enterpriseAppId
};
var content = new StringContent(Newtonsoft.Json.JsonConvert.SerializeObject(roleAssignment), Encoding.UTF8, "application/json");
content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
var response = await client.PostAsync(url, content);
if (response.IsSuccessStatusCode)
{
return ;
}
else
{
throw new HttpRequestException(response.ReasonPhrase);
}
}