使用图形 API 在 Azure Active Directory 中创建应用程序失败
时间:2023-02-27问题描述
我正在尝试使用 Azure Active Directory Graph API(带有 Azure GraphClient nuget 包)在 Azure AD 中创建一个新应用程序.
I'm trying to use the Azure Active Directory Graph API (with the Azure GraphClient nuget package) to create a new application in Azure AD.
我已经使用现有的 AAD 应用程序进行了身份验证,因此我对目录具有写入权限.
I've authenticated using an existing AAD application, so I have write access to the directory.
但是,当创建新的应用程序对象时,Azure Graph API 会返回此错误:
However, when creating the new application object the Azure Graph API returns this error:
{"odata.error": {
"code":"Request_BadRequest",
"message": {
"lang":"en",
"value":"Property value cannot have duplicate id or claim values."
},
"values":
[{
"item":"PropertyName",
"value":"None"
},
{
"item":"PropertyErrorCode",
"value":"DuplicateValue"
}
]
}
}
它没有说明哪个属性具有重复的 id 或声明值 - 错误消息中有两个空格,就好像名称丢失一样.
It doesn't say which property has a duplicate id or claim value - there are two spaces in the error message as if the name is missing.
创建应用程序对象的代码是这样的:
The code which creates the Application object is this:
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
{
AvailableToOtherTenants = false,
DisplayName = appname,
ErrorUrl = null,
GroupMembershipClaims = null,
Homepage = "http://www.domain.com",
IdentifierUris = new List<string>() {{"https://domain.com/"+ appname } },
KeyCredentials = new List<KeyCredential>(),
KnownClientApplications = new List<Guid>(),
LogoutUrl = null,
Oauth2AllowImplicitFlow = false,
Oauth2AllowUrlPathMatching = false,
Oauth2Permissions = new List<OAuth2Permission>()
{
{
new OAuth2Permission()
{
AdminConsentDescription =
$"Allow the application to access {appname} on behalf of the signed-in user.",
AdminConsentDisplayName = $"Access {appname}",
Id = Guid.NewGuid(),
IsEnabled = true,
Type = "User",
UserConsentDescription =
$"Allow the application to access {appname} on your behalf.",
UserConsentDisplayName = $"Access {appname}",
Value = "user_impersonation"
}
}
},
Oauth2RequirePostResponse = false,
PasswordCredentials = new List<PasswordCredential>(),
PublicClient = false,
ReplyUrls = new List<string>(),
RequiredResourceAccess = new List<RequiredResourceAccess>(),
SamlMetadataUrl = null,
ExtensionProperties = new List<ExtensionProperty>(),
Manager = null,
ObjectType = "Application",
DeletionTimestamp = null,
CreatedOnBehalfOf = null,
CreatedObjects = new List<DirectoryObject>(),
DirectReports = new List<DirectoryObject>(),
Members = new List<DirectoryObject>(),
MemberOf = new List<DirectoryObject>(),
Owners = new List<DirectoryObject>(),
OwnedObjects = new List<DirectoryObject>()
};
await client.Applications.AddApplicationAsync(application);
我错过了房产吗?似乎没有任何非唯一属性,并且应用程序是使用唯一名称创建的.
Am I missing a property? There doesn't seem to be any non-unique properties, and the application is created with a unique name.
推荐答案
错误信息确实很混乱,但问题是你试图定义一个scope值(user_impersonation) 已经定义了.
The error message is indeed very confusing, but the problem is that you are trying to define a scope value (user_impersonation) that is already defined.
如果你运行这段代码,你会发现应用程序在你的目录中创建成功:
If you run this code, you'll find that the application is created successfully in your directory:
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
{
AvailableToOtherTenants = false,
DisplayName = appname,
ErrorUrl = null,
GroupMembershipClaims = null,
Homepage = "http://www.domain.com",
IdentifierUris = new List<string>() {{"https://domain.com/"+ "Test" } },// CHANGED LINE
KeyCredentials = new List<KeyCredential>(),
KnownClientApplications = new List<Guid>(),
LogoutUrl = null,
Oauth2AllowImplicitFlow = false,
Oauth2AllowUrlPathMatching = false,
Oauth2Permissions = new List<OAuth2Permission>()
{
{
new OAuth2Permission()
{
AdminConsentDescription =
$"Allow the application to access {appname} on behalf of the signed-in user.",
AdminConsentDisplayName = $"Access {appname}",
Id = Guid.NewGuid(),
IsEnabled = true,
Type = "User",
UserConsentDescription =
$"Allow the application to access {appname} on your behalf.",
UserConsentDisplayName = $"Access {appname}",
Value = "custom_scope" // CHANGED LINE
}
}
},
Oauth2RequirePostResponse = false,
PasswordCredentials = new List<PasswordCredential>(),
PublicClient = false,
ReplyUrls = new List<string>(),
RequiredResourceAccess = new List<RequiredResourceAccess>(),
SamlMetadataUrl = null,
ExtensionProperties = new List<ExtensionProperty>(),
Manager = null,
ObjectType = "Application",
DeletionTimestamp = null,
CreatedOnBehalfOf = null,
CreatedObjects = new List<DirectoryObject>(),
DirectReports = new List<DirectoryObject>(),
Members = new List<DirectoryObject>(),
MemberOf = new List<DirectoryObject>(),
Owners = new List<DirectoryObject>(),
OwnedObjects = new List<DirectoryObject>()
};
await client.Applications.AddApplicationAsync(application);
另外,您的 IdentifierUris 不能包含空格,因此我已将其更改为硬编码字符串.
Also, your IdentifierUris cannot contain spaces, so I've changed it to a hardcoded string.
HTH
这篇关于使用图形 API 在 Azure Active Directory 中创建应用程序失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
相关文章
如何最小起订量索引属性How to MOQ an Indexed property(如何最小起订量索引属性)- 在 Moq 中模拟泛型方法而不指定 TMocking generic methods in Moq without specifying T(在 Moq 中模拟泛型方法而不指定 T)
- Moles Isolation 框架是如何实现的?How Moles Isolation framework is implemented?(Moles Isolation 框架是如何实现的?)
- 依赖注入和模拟框架之间的区别(Ninject vs RhinoMocks 或 Moq)Difference between Dependency Injection and Mocking Framework (Ninject vs RhinoMocks or Moq)(依赖注入和模拟框架之间的区别(Ninject vs RhinoMocks 或 Moq
- 如何使用 moq 模拟 Controller.UserHow to mock Controller.User using moq(如何使用 moq 模拟 Controller.User)
- 如何模拟没有接口的类?How do I mock a class without an interface?(如何模拟没有接口的类?)
最新文章
- 更新 ClaimsPrincipal 中的声明
- Azure Active Directory 与 MVC,客户端和资源标识同一个应用程序
- 带有 OpenIdAuthentication 的 ASP.NET:如果未授权,则重定向到 url
- 在 Azure Active Directory 中用户禁用选项有吗?
- 从 Azure Active Directory 获取个人资料图片
- 使用 Azure Active Directory - 一个应用程序在本地登录并在发布时登录
- 使用密码和 Azure Active Directory 身份验证的 Asp.net Identity
- 如何使用 Azure 身份验证在 Azure Function 中获取当前用户身份?
- 无法从桌面控制台应用访问 Azure Key Vault
- 在 C# 中使用 authProvider 和 MS SDK 进行图形调用