azure-active-directory

问题 I'm trying to give a console app permission to call an API in Azure AD. When I go to "Add permissions," "application permissions" is grayed out and I can only select "delegated permissions." My understanding is that application permissions is right for the console app because it runs on the back-end and users don't sign into it. From the help text for "application permissions": Your application runs as a background service or daemon without a signed-in user. The help text for "delegated

问题 I created an Azure Active Directory Application and i want to use role based security. I followed the tutorial on: https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/ The login works, I added roles to the application manifest and assigned the role Approver to my own account. Now i want to use these roles. After login the following works in the controller: [Authorize] But when adding the role the user is not authorized: [Authorize(Roles=

问题 I created an Azure Active Directory Application and i want to use role based security. I followed the tutorial on: https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/ The login works, I added roles to the application manifest and assigned the role Approver to my own account. Now i want to use these roles. After login the following works in the controller: [Authorize] But when adding the role the user is not authorized: [Authorize(Roles=

问题 I created an Azure Active Directory Application and i want to use role based security. I followed the tutorial on: https://azure.microsoft.com/en-us/resources/samples/active-directory-dotnet-webapp-openidconnect-aspnetcore/ The login works, I added roles to the application manifest and assigned the role Approver to my own account. Now i want to use these roles. After login the following works in the controller: [Authorize] But when adding the role the user is not authorized: [Authorize(Roles=

问题 I am running below Microsoft Graph Api code: using Microsoft.IdentityModel.Clients.ActiveDirectory; using System; using System.Net.Http; using System.Net.Http.Headers; using System.Threading.Tasks; namespace AADConsole2 { class Program { private const string aadInstance = "https://login.microsoftonline.com/{0}"; // private const string ResourceUrl = "https://graph.windows.net"; private const string resource = "https://graph.microsoft.com"; private const string GraphServiceObjectId = "XXX";

问题 I am running below Microsoft Graph Api code: using Microsoft.IdentityModel.Clients.ActiveDirectory; using System; using System.Net.Http; using System.Net.Http.Headers; using System.Threading.Tasks; namespace AADConsole2 { class Program { private const string aadInstance = "https://login.microsoftonline.com/{0}"; // private const string ResourceUrl = "https://graph.windows.net"; private const string resource = "https://graph.microsoft.com"; private const string GraphServiceObjectId = "XXX";

问题 I am using Client application (Client credentials grant) with defined permissions Application.ReadWrite.All and User.ReadWrite.All (both are included in Bearer token) to change accountEnabled to false for a user, like here: { "accountEnabled": false, "city": "C234", "country": "AFG", "displayName": "Steve Rogers", "givenName": "Steve", "jobTitle": "Azure", "mailNickname": "steve", "postalCode": "Z345", "streetAddress": "S123", "surname": "Rogers", "userPrincipalName": "steve@***.onmicrosoft

问题 I am running this code to obtain a Bearer token from the InteractiveBrowserCreedentail and log in to azure blob storage: cred = InteractiveBrowserCredential(authority="login.microsoftonline.com", tenant_id="**", client_id="**") token = cred.get_token() print(token) blobber = BlobServiceClient(account_url="https://**.blob.core.windows.net", credential=cred) blobs = blobber.list_containers() for b in blobs: print(b) This works well. I am trying to reuse the token in another call, this time a

问题 This code works just fine: from azure.storage.blob import BlobServiceClient from azure.identity import InteractiveBrowserCredential, DeviceCodeCredential, ClientSecretCredential credential = DeviceCodeCredential(authority="login.microsoftonline.com", tenant_id="***", client_id="***") blobber = BlobServiceClient(account_url="https://***.blob.core.windows.net", credential=credential) blobs = blobber.list_containers() for b in blobs: print(b) I run it, I browse to the url, fill in the code I am

问题 I am using ADAL's (Microsoft.IdentityModel.Clients.ActiveDirectory v4.3.0) AuthenticationContext.AcquireTokenAsync to acquire a bearer token with a ClientCredential . I am creating a new AuthenticationContext to acquire a token for each request. Is that thread-safe? Or do I have to lock the call to AcquireTokenAsync with a static SemaphoreSlim ? I am asking because according to http://www.cloudidentity.com/blog/2013/10/01/getting-acquainted-with-adals-token-cache/ the method uses a static