azure-ad-graph-api | 易学教程

How to get the JWT (using OpenIdConnect) from HttpContext, and pass to Azure AD Graph API

阅读更多关于 How to get the JWT (using OpenIdConnect) from HttpContext, and pass to Azure AD Graph API

Background We developed an application in 2016 that authenticated using WS-Federation, to grab claims from the on-premises AD. The direction of the IT strategy has changed, and is moving toward Azure AD (currently hosting a hybrid environment). We're in the process of migrating the authentication from WS-Fed, to AAD, using OpenIDConnect. Getting the user signed in and authenticated with the new method was surprisingly straightforward - do the config properly, and issue the authenticate challenge, and Robert is your mother's brother. The Problem Please correct me if I'm getting my terminology

Azure Graph API, Angular, Get users Groups

阅读更多关于 Azure Graph API, Angular, Get users Groups

问题 I want to query Azure AD Graph API to retrieve the groups claim for the logged in user from a registered Azure B2C app. The app I'm calling from is an Angular 5 SPA. After experimenting with Azure Active Directory and adal-angular4, I was successful retrieving a user's custom roles claim . To do this, I registered an Azure AD app, set required permission scopes, added custom roles to the application's manifest, added the user to the application, and set the custom role for the user. Then, I

How to get Microsoft Graph API Access token from Node Script?

阅读更多关于 How to get Microsoft Graph API Access token from Node Script?

问题 I'd like to use this library to interact with the graph API for my AD - https://github.com/microsoftgraph/microsoft-graph-docs/blob/master/concepts/nodejs.md However, all of the existing javascript libraries I've found to return access tokens expect a return URL to be passed in, as well as some other web-specific stuff, leading me to believe this is some kind of requirement on Microsoft's end. Is there any good way to authenticate/receive an access token while running a backend node script

How to get the JWT (using OpenIdConnect) from HttpContext, and pass to Azure AD Graph API

阅读更多关于 How to get the JWT (using OpenIdConnect) from HttpContext, and pass to Azure AD Graph API

问题 Background We developed an application in 2016 that authenticated using WS-Federation, to grab claims from the on-premises AD. The direction of the IT strategy has changed, and is moving toward Azure AD (currently hosting a hybrid environment). We're in the process of migrating the authentication from WS-Fed, to AAD, using OpenIDConnect. Getting the user signed in and authenticated with the new method was surprisingly straightforward - do the config properly, and issue the authenticate

How to retrieve contents of an itemAttachment via the Microsoft Graph API

阅读更多关于 How to retrieve contents of an itemAttachment via the Microsoft Graph API

问题 I'm currently developing a solution which is retrieving e-mails via the Microsoft Graph API. In november 2015 Microsoft stated it is ready for production and I've read in another forum post that if you start now on developing using a Microsoft API, you should use the Graph API, since it is the future. Everything is going well except for one thing and that is the following. I must retrieve e-mails. Inside these e-mails there are of course attachments. These attachments come in some variaties.

Find a User by Email Address

阅读更多关于 Find a User by Email Address

问题 I'm trying find out if an email address is already taken in my Azure AD B2C directory. var token = await this.GetTokenAsync(); var client = new HttpClient(); var id = HttpUtility.UrlEncode("adrian_mydomain.com#EXT#@xxxxxxxxx.onmicrosoft.com"); ////var id = HttpUtility.UrlEncode("adrian@mydomain.com"); // This also fails. ////var id = HttpUtility.UrlEncode("adrian_mydomain.com#EXT#"); // This also fails. ////var id = "xxxx-xxxx-xxxxxxxx-xxxxxxxxxx"; // This also fails (user object id). var

Insufficient privileges to complete the operation when using service principal to create Azure AD Application

阅读更多关于 Insufficient privileges to complete the operation when using service principal to create Azure AD Application

Following the code outlined here: https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console/blob/master/GraphConsoleAppV3/Program.cs#L810 but using a Service Principal to authenticate one will get a Insufficient Privileges error when trying to create the application on client.Applications.AddApplicationAsync(appObject).Wait(); with token exchange like the following: var context = new AuthenticationContext($"https://login.microsoftonline.com/{tenantId}"); var token = context.AcquireToken("https://graph.windows.net", new ClientCredential(clientId, secret)); var client = new

Issue with Remove Application Role in AzureAD using GraphAPI / C#

阅读更多关于 Issue with Remove Application Role in AzureAD using GraphAPI / C#

I am trying to Add/Remove Application Role in AzureAD using VisualStudio/C#/GraphAPI. I can successfully add user to ApplicationRole but Remove(or Delete) role doesn't work. I researched on internet and it seems an issue with AzureAD graph API itself. check: https://social.msdn.microsoft.com/Forums/sqlserver/en-US/5707763c-41f7-4465-abdb-3a8d8ded153b/graph-api-apiversion15-how-to-remove-user-from-application-role-using-c-net?forum=WindowsAzureAD However, it's an old post so not sure if any workaround is available now. Any help is appreciated to fix this issue. I can successfully add user to

Azure: Service Principal ID vs Application ID

阅读更多关于 Azure: Service Principal ID vs Application ID

问题 According to this documentation: Application and Service principal are clearly two different things. Application is the global identity and Service principal is per Tenant/AAD But This Documentation and This Stack Overflow Question suggest they are the same. To make it more confusing, When I used the Graph API (from the first reference) and queried by my application name: https://graph.windows.net/<tenantName>/applications?api-version=1.6&$filter=displayName eq '<Apllication Name>' I see a

Azure: Service Principal ID vs Application ID

阅读更多关于 Azure: Service Principal ID vs Application ID

According to this documentation : Application and Service principal are clearly two different things. Application is the global identity and Service principal is per Tenant/AAD But This Documentation and This Stack Overflow Question suggest they are the same. To make it more confusing, When I used the Graph API (from the first reference) and queried by my application name: https://graph.windows.net/<tenantName>/applications?api-version=1.6&$filter=displayName eq '<Apllication Name>' I see a object Id, an Application ID (which I thought were the same), but no service principal ID in the Json