我的目标是使用C#在CAL全局管理员帐户中为我的租户在Azure Active Directory中创建一个应用程序。
因为它正在通过PowerShell命令。
Login-AzureRmAccount ==> CSP Global admin credentials
Select-AzureRmSubscription -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx(Enter your Customer Microsoft ID)" ==> Select a tenant where I want to create application
$password = ConvertTo-SecureString "SomePass@123" -asplaintext -force
New-AzureRmADApplication -DisplayName "MyApp" -HomePage "http://MyApp" -IdentifierUris "http://MyApp" -Password $password ==> Application created in the above mentioned tenants account.
请帮我在C#中做同样的事情。
public static string postRequest(string url, string access_token, string data)
{
byte[] buffer = null;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
request.Method = "post";
request.ContentType = "application/json";
request.Headers.Add("Authorization", "Bearer " + access_token);
//request.Headers.Add("other header", "it's value");
if (data != null)
buffer = Encoding.UTF8.GetBytes(data);
else
buffer = Encoding.UTF8.GetBytes("");
request.ContentLength = buffer.Length;
request.GetRequestStream().Write(buffer, 0, buffer.Length);
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
{
return response.StatusCode + " " + reader.ReadToEnd();
}
}
public class PasswordCredential
{
public string startDate;
public string endDate;
public string keyId;
public string value;
}
public class AppConfiguration
{
public bool availableToOtherTenants;
public string displayName;
public string homepage;
public List<string> identifierUris = new List<string>();
public List<PasswordCredential> passwordCredentials = new List<PasswordCredential>();
}
static void Main(string[] args)
{
string tenantId = @"customer tenant id";
string resource = @"https://graph.windows.net/";
string clientId = @"1950a258-227b-4e31-a9cf-717495945fc2";
string returnUri = @"urn:ietf:wg:oauth:2.0:oob";
var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId);
var uri = new Uri(returnUri);
var platformParams = new PlatformParameters(PromptBehavior.Always);
var authResult = context.AcquireTokenAsync(resource, clientId, uri, platformParams).Result;
var accessToken = authResult.AccessToken;
var url = @"https://graph.windows.net/{customer_tenant_id}/applications?api-version=1.6";
var passwordCredential = new PasswordCredential();
passwordCredential.startDate = DateTime.UtcNow.ToString("yyyy-MM-ddThh:mm:ssZ");
passwordCredential.endDate = DateTime.UtcNow.AddYears(1).ToString("yyyy-MM-ddThh:mm:ssZ");
passwordCredential.keyId = Guid.NewGuid().ToString();
passwordCredential.value = "TestPassword1.";
var appConfiguration = new AppConfiguration();
appConfiguration.availableToOtherTenants = false;
appConfiguration.displayName = "MyApp";
appConfiguration.homepage = "Https://MyApp";
appConfiguration.identifierUris.Add("https://MyApp");
appConfiguration.passwordCredentials.Add(passwordCredential);
var body = JsonConvert.SerializeObject(appConfiguration);
//Console.WriteLine(body);
var result = postRequest(url, accessToken, body);
Console.WriteLine(result);
Console.ReadLine();
}
我使用ADAL,Newtonsoft.Json和HttpWebRequest快速为您创建了一个示例。您可以先尝试使用此代码段。
更新:不建议硬编码您的用户名和密码。如果启用MFA,则可能无法获取令牌。如果禁用MFA,您可以尝试使用以下代码段:
string userName = @"[email protected]";
string passWord = @"password";
var context = new AuthenticationContext("https://login.microsoftonline.com/tenant_id");
result = context.AcquireTokenAsync(
resource,
clientid,
new UserPasswordCredential(userName, passWord)).Result;
您可以使用Microsoft Graph API Beta version 在azure门户上创建新应用程序
注意调用此API需要以下权限之一。要了解更多信息,包括如何选择权限,请参阅Permissions。看下面的屏幕截图
请求格式
更新:
我试过这种方式:
设置请求正文如下
{
"displayName": "Your Application Name"
}
请参见下面的屏幕截图
Azure门户:
成功响应后,检查了天蓝色门户网站
要记住
如果您尝试使用Microsoft Graph Explorer,则必须设置以下权限。
请参见下面的屏幕截图
有关更多信息,您可以查看here
注意:Microsoft Graph中的/ beta版本下的API可能会发生变化。不支持在生产应用程序中使用这些API。