I have previously been adding users programmatically using Active Directory Authentication Library (ADAL), but now I need to define "signInNames" (= users email), and that
Did you grant the app sufficient permission to operate on users? The create user REST API works well for me for the B2C tenant.
Here are the steps I tested:
1. Create the app via the PowerShell below.
PowerShell:
# Generate a 32-byte random client secret and register a service principal that uses it.
$bytes = New-Object Byte[] 32
$rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rand.GetBytes($bytes)
$rand.Dispose()
$newClientSecret = [System.Convert]::ToBase64String($bytes)
# Note the AppPrincipalId and ObjectId in the output; they are needed in steps 2 and 3.
New-MsolServicePrincipal -DisplayName "My New B2C Graph API App" -Type password -Value $newClientSecret
2. Grant the app the User Account Administrator role.
# RoleObjectId is the User Account Administrator role; RoleMemberObjectId is the ObjectId of the service principal created above.
Add-MsolRoleMember -RoleObjectId fe930be7-5e62-47db-91af-98c3a49a38b1 -RoleMemberObjectId 7311370c-dac3-4f34-b2ce-b22c2a5a811e -RoleMemberType servicePrincipal
3. Get a token for the app with the client credential flow.
POST: https://login.microsoftonline.com/adb2cfei.onmicrosoft.com/oauth2/token
grant_type=client_credentials&client_id={AppPrincipalId returned by PowerShell}&client_secret={client_secret}&resource=https%3A%2F%2Fgraph.windows.net
4. Create the user with the REST call below:
POST: https://graph.windows.net/adb2cfei.onmicrosoft.com/users?api-version=1.6
authorization: bearer {token}
content-type: application/json
{
  "accountEnabled": true,
  "creationType": "LocalAccount",
  "displayName": "Alex Wu",
  "passwordProfile": {
    "password": "Test1234",
    "forceChangePasswordNextLogin": false
  },
  "signInNames": [
    {
      "type": "userName",
      "value": "AlexW"
    },
    {
      "type": "emailAddress",
      "value": "AlexW@example.com"
    }
  ]
}
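Steps 3 and 4 above, carried into a small Python script that is an added example and not code from the answer: it builds the client-credentials token body, builds the create-user body with signInNames, and checks a body for the kind of mistakes (missing or misnamed keys, a bad signInNames entry, no password) that get it rejected. The client id and secret are placeholders; sending the request itself needs a real token, so only the builders and the check are shown.

```python
import urllib.parse

# Constructed placeholders: the Graph resource from the answer and the two
# signInNames types it uses.
GRAPH = "https://graph.windows.net"
VALID_SIGNIN_TYPES = {"userName", "emailAddress"}

def token_request_body(client_id, client_secret):
    """Form body for the client-credentials token request (step 3)."""
    return urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": GRAPH,
    })

def local_account_payload(display_name, email, password, username=None):
    """Build the create-user body for a B2C local account (step 4)."""
    names = [{"type": "emailAddress", "value": email}]
    if username:
        names.insert(0, {"type": "userName", "value": username})
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",
        "displayName": display_name,
        "passwordProfile": {"password": password,
                            "forceChangePasswordNextLogin": False},
        "signInNames": names,
    }

def validate_payload(payload):
    """List the problems that would get the body rejected: missing or
    misnamed keys (e.g. PascalCase from a serialized class), a bad
    signInNames entry, or no password. An empty list means it looks fine."""
    problems = []
    if payload.get("creationType") != "LocalAccount":
        problems.append("creationType must be 'LocalAccount'")
    names = payload.get("signInNames")
    if not isinstance(names, list) or not names:
        problems.append("signInNames must be a non-empty array")
    else:
        for n in names:
            ok = isinstance(n, dict) and set(n) == {"type", "value"}
            if not ok or n["type"] not in VALID_SIGNIN_TYPES:
                problems.append("bad signInNames entry: %r" % (n,))
    if not (payload.get("passwordProfile") or {}).get("password"):
        problems.append("passwordProfile.password is required")
    return problems
```

Run validate_payload on the JSON you are about to send before the POST; a non-empty result points at the property to fix instead of leaving you to read the API's error body.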
Thank you for your response Fei Xue, I believe I had the right permissions. What I did to solve my problem:
First off I removed my own custom class "NewUser", then I downloaded this sample project: https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet/blob/master/B2CGraphClient/B2CGraphClient.cs to eliminate the risk that my code was wrong. I modified it to support my needs, then I created a simple JObject:
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Build the request body by hand as a JObject rather than serializing a custom class.
var jsonObject = new JObject
{
    {"accountEnabled", true},
    {"country", customer.CustomerBase.Company},
    {"creationType", "LocalAccount"},
    {"displayName", pendingCustomer.Email.Trim()},
    {"passwordPolicies", "DisablePasswordExpiration,DisableStrongPassword"},
    {"passwordProfile", new JObject
        {
            {"password", pwd},
            {"forceChangePasswordNextLogin", true}
        }
    },
    // A local account needs at least one signInName; here the email address is the sign-in name.
    {"signInNames", new JArray
        {
            new JObject
            {
                {"value", pendingCustomer.Email.Trim()},
                {"type", "emailAddress"}
            }
        }
    }
};
client = new B2CGraphClient(ClientId, ClientSecret, TenantId);
var response = await client.CreateUser(jsonObject.ToString());
var newUser = JsonConvert.DeserializeObject<User>(response);
From B2CGraphClient.cs:
private async Task<string> SendGraphPostRequest(string api, string json)
{
    // NOTE: This client uses ADAL v2, not ADAL v4 (AcquireToken is synchronous here)
    var result = authContext.AcquireToken(Globals.aadGraphResourceId, credential);
    var http = new HttpClient();
    var url = Globals.aadGraphEndpoint + tenant + api + "?" + Globals.aadGraphVersion;
    var request = new HttpRequestMessage(HttpMethod.Post, url);
    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    request.Content = new StringContent(json, Encoding.UTF8, "application/json");
    var response = await http.SendAsync(request);
    if (!response.IsSuccessStatusCode)
    {
        // Log the Graph error body; it describes why the request was rejected.
        var error = await response.Content.ReadAsStringAsync();
        var formatted = JsonConvert.DeserializeObject(error);
        //Console.WriteLine("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
        Logger.Error("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
    }
    Logger.Info((int)response.StatusCode + ": " + response.ReasonPhrase);
    // On failure the error body is returned as well, so the caller must check
    // the status before deserializing the result as a User.
    return await response.Content.ReadAsStringAsync();
}
This finally solved all my problems; it was probably a format error in the serialization of my NewCustomer class, which then got rejected by the API.