使用图形 API 在 Azure Active Directory 中创建应用程序

时间:2023-05-08
本文介绍了使用图形 API 在 Azure Active Directory 中创建应用程序失败的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时送ChatGPT账号..

我正在尝试使用 Azure Active Directory Graph API(带有 Azure GraphClient nuget 包)在 Azure AD 中创建一个新应用程序.

I'm trying to use the Azure Active Directory Graph API (with the Azure GraphClient nuget package) to create a new application in Azure AD.

我已经使用现有的 AAD 应用程序进行了身份验证,因此我对目录具有写入权限.

I've authenticated using an existing AAD application, so I have write access to the directory.

但是,当创建新的应用程序对象时,Azure Graph API 会返回此错误:

However, when creating the new application object the Azure Graph API returns this error:

{"odata.error": {
  "code":"Request_BadRequest",
    "message": {
      "lang":"en",
      "value":"Property  value cannot have duplicate id or claim values."
    },
    "values":
      [{
        "item":"PropertyName",
        "value":"None"
       },
       {
         "item":"PropertyErrorCode",
         "value":"DuplicateValue"
       }
     ]
   }
 }

它没有说明哪个属性具有重复的 id 或声明值 - 错误消息中有两个空格,就好像名称丢失一样.

It doesn't say which property has a duplicate id or claim value - there are two spaces in the error message as if the name is missing.

创建应用程序对象的代码是这样的:

The code which creates the Application object is this:

var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
        {
            AvailableToOtherTenants = false,
            DisplayName = appname,
            ErrorUrl = null,
            GroupMembershipClaims = null,
            Homepage = "http://www.domain.com",
            IdentifierUris = new List<string>() {{"https://domain.com/"+ appname } },
            KeyCredentials = new List<KeyCredential>(),
            KnownClientApplications = new List<Guid>(),
            LogoutUrl = null,
            Oauth2AllowImplicitFlow = false,
            Oauth2AllowUrlPathMatching = false,
            Oauth2Permissions = new List<OAuth2Permission>()
            {
                {
                    new OAuth2Permission()
                    {
                        AdminConsentDescription =
                            $"Allow the application to access {appname} on behalf of the signed-in user.",
                        AdminConsentDisplayName = $"Access {appname}",
                        Id = Guid.NewGuid(),
                        IsEnabled = true,
                        Type = "User",
                        UserConsentDescription =
                            $"Allow the application to access {appname} on your behalf.",
                        UserConsentDisplayName = $"Access {appname}",
                        Value = "user_impersonation"
                    }
                }
            },
            Oauth2RequirePostResponse = false,
            PasswordCredentials = new List<PasswordCredential>(),
            PublicClient = false,
            ReplyUrls = new List<string>(),
            RequiredResourceAccess = new List<RequiredResourceAccess>(),
            SamlMetadataUrl = null,
            ExtensionProperties = new List<ExtensionProperty>(),
            Manager = null,
            ObjectType = "Application",
            DeletionTimestamp = null,
            CreatedOnBehalfOf = null,
            CreatedObjects = new List<DirectoryObject>(),
            DirectReports = new List<DirectoryObject>(),
            Members = new List<DirectoryObject>(),
            MemberOf = new List<DirectoryObject>(),
            Owners = new List<DirectoryObject>(),
            OwnedObjects = new List<DirectoryObject>()
  };
await client.Applications.AddApplicationAsync(application);

我错过了房产吗?似乎没有任何非唯一属性,并且应用程序是使用唯一名称创建的.

Am I missing a property? There doesn't seem to be any non-unique properties, and the application is created with a unique name.

推荐答案

错误信息确实很混乱,但问题是你试图定义一个scope值(user_impersonation) 已经定义了.

The error message is indeed very confusing, but the problem is that you are trying to define a scope value (user_impersonation) that is already defined.

如果你运行这段代码,你会发现应用程序在你的目录中创建成功:

If you run this code, you'll find that the application is created successfully in your directory:

var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
        {
            AvailableToOtherTenants = false,
            DisplayName = appname,
            ErrorUrl = null,
            GroupMembershipClaims = null,
            Homepage = "http://www.domain.com",
            IdentifierUris = new List<string>() {{"https://domain.com/"+ "Test" } },// CHANGED LINE
            KeyCredentials = new List<KeyCredential>(),
            KnownClientApplications = new List<Guid>(),
            LogoutUrl = null,
            Oauth2AllowImplicitFlow = false,
            Oauth2AllowUrlPathMatching = false,
            Oauth2Permissions = new List<OAuth2Permission>()
            {
                {
                    new OAuth2Permission()
                    {
                        AdminConsentDescription =
                            $"Allow the application to access {appname} on behalf of the signed-in user.",
                        AdminConsentDisplayName = $"Access {appname}",
                        Id = Guid.NewGuid(),
                        IsEnabled = true,
                        Type = "User",
                        UserConsentDescription =
                            $"Allow the application to access {appname} on your behalf.",
                        UserConsentDisplayName = $"Access {appname}",
                        Value = "custom_scope" // CHANGED LINE
                    }
                }
            },
            Oauth2RequirePostResponse = false,
            PasswordCredentials = new List<PasswordCredential>(),
            PublicClient = false,
            ReplyUrls = new List<string>(),
            RequiredResourceAccess = new List<RequiredResourceAccess>(),
            SamlMetadataUrl = null,
            ExtensionProperties = new List<ExtensionProperty>(),
            Manager = null,
            ObjectType = "Application",
            DeletionTimestamp = null,
            CreatedOnBehalfOf = null,
            CreatedObjects = new List<DirectoryObject>(),
            DirectReports = new List<DirectoryObject>(),
            Members = new List<DirectoryObject>(),
            MemberOf = new List<DirectoryObject>(),
            Owners = new List<DirectoryObject>(),
            OwnedObjects = new List<DirectoryObject>()
  };
await client.Applications.AddApplicationAsync(application);

另外,您的 IdentifierUris 不能包含空格,因此我已将其更改为硬编码字符串.

Also, your IdentifierUris cannot contain spaces, so I've changed it to a hardcoded string.

HTH

这篇关于使用图形 API 在 Azure Active Directory 中创建应用程序失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

上一篇:如何将 AzureAD 和 AzureADBearer 添加到 asp.net core 2. 下一篇:添加 Azure Ad Oauth2 JWT 令牌声明

相关文章

最新文章