调用AddUserAsync .NET Core 2.0时出现PlatformNotSupportedexception
我正在尝试编写一些使用Graph API在Azure AD中创建用户的代码。 我开始用网上的一个例子,但现在它在添加用户时就失败了
await adClient.Users.AddUserAsync(userGraphObj);
在下面的CreateUser()方法中。 我得到的错误是
我正在使用.NET Core 2.0,在Windows 7上进行调试。谷歌搜索并发现它们为2.0提供了序列化, 但仅针对特定类型 。
我真的不在乎。 如何在代码中将用户添加到Azure AD?
const String appClientID = "2be733f1-88c3-6482-8e2a-5e9631fc3a32"; const String tenant = "brazzers.onmicrosoft.com"; const String authString = "https://login.microsoftonline.com/" + tenant; const String authClientSecret = "dDdaVGee315s65ewDSWEwfdw7wq5efDNO5C3cvN4RA"; const String resAzureGraphAPI = "https://graph.windows.net"; const String serviceRootURL = resAzureGraphAPI + appClientID; private ActiveDirectoryClient GetAADClient() { Uri serviceRoot = new Uri(serviceRootURL); ActiveDirectoryClient adClient = new ActiveDirectoryClient( serviceRoot, async () => await GetAppTokenAsync()); return adClient; } private static async Task GetAppTokenAsync() { AuthenticationContext authenticationContext = new AuthenticationContext(authString, false); ClientCredential clientCred = new ClientCredential(appClientID, authClientSecret); AuthenticationResult authResult = await authenticationContext.AcquireTokenAsync(resAzureGraphAPI, clientCred); return authResult.AccessToken; } public async Task CreateUser() { var adClient = GetAADClient(); //Construct The User String userEmail = "TestUser@Brazzers.com"; String mailNickname = userEmail.Split(new char[] { '@' }).FirstOrDefault(); var userGraphObj = new Microsoft.Azure.ActiveDirectory.GraphClient.User() { GivenName = "Test", Surname = "User", Mobile = "13133124044", MailNickname = mailNickname, DisplayName = "Test User", AccountEnabled = true }; await adClient.Users.AddUserAsync(userGraphObj); return Ok(tempPassword); }
Microsoft本身建议不再使用Azure AD Graph API,而是支持Microsoft Graph API(参见博客文章 )。
如果您没有强烈要求使用Azure AD API,以下是通过最新API创建用户的步骤。
免责声明:
- 我从未成功地从桌面应用程序中获取令牌
- 我还没有真正理解应该如何使用权限范围(这里似乎需要一个URL,但在示例中它通常是一个字符串列表,例如
User.ReadWrite.All或Directory.ReadWrite.All)
获取令牌的代码 :
const String appClientID = "2be733f1-88c3-6482-8e2a-5e9631fc3a32"; const String tenant = "brazzers.onmicrosoft.com"; const String authString = "https://login.microsoftonline.com/" + tenant; const String authClientSecret = "dDdaVGee315s65ewDSWEwfdw7wq5efDNO5C3cvN4RA"; public static GraphServiceClient GetAuthenticatedClient() { var delegateAuthenticationProvider = new DelegateAuthenticationProvider( async (requestMessage) => { var accessToken = await GetAppTokenAsync(); requestMessage.Headers.Authorization = new AuthenticationHeaderValue("bearer", accessToken); } ); return new GraphServiceClient(delegateAuthenticationProvider); } private static async Task GetAppTokenAsync() { // this doesn't work for desktop apps, // and PublicClientApplication throws a NotImplementedException var cca = new ConfidentialClientApplication( appClientID, authString, "http://www.example.com/", // no redirect new ClientCredential(authClientSecret), new TokenCache(), new TokenCache()); var authResult = await cca.AcquireTokenForClientAsync(new[] { $"https://graph.microsoft.com/.default" }); return authResult.AccessToken; }
创建用户的代码 (由样本提供 ):
public async Task CreateUser(GraphServiceClient graphClient) { // This snippet gets the tenant domain from the Organization object to construct the user's email address. var organization = await graphClient.Organization.Request().GetAsync(); var domain = organization.CurrentPage[0].VerifiedDomains.ElementAt(0).Name; // Add the user. var userEmail = "TestUser@" + domain; var mailNickname = userEmail.Split(new char[] { '@' }).FirstOrDefault(); return await graphClient.Users.Request().AddAsync(new User { AccountEnabled = true, DisplayName = "Test User", MailNickname = mailNickname, PasswordProfile = new PasswordProfile { Password = "super_strong_password" }, UserPrincipalName = userEmail }); }