使用 .NET Core(API 和 HTTP)创建 Azure AD 应用程序和服务主体
Creating Azure AD application and a service principal using .NET Core (the API and HTTP)
继续我以编程方式创建 Azure 应用程序的探索(这从 ), I have core that acquires a subscriptionID and a tenantId as follows, but I'm at loss as how could I create an application and its associated service principal locally. This is basically where New-AzureRmADApplication and New-AzureRmADServicePrincipal would be used in case of PowerShell. This question is partially answered at 继续,但看起来 .NET Core 可能是这里出现一些问题的原因,因为找不到类型。
更具体地说,我有如下代码
string resource = "https://management.core.windows.net/";
string clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
string userName = "<replace>";
string password = "<replace>";
string apiVersion = "2016-06-01";
using(var client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
string tokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
var body = $"resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}";
var stringContent = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded");
var response = await client.PostAsync(tokenEndpoint, stringContent).ConfigureAwait(false);
var result = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
JObject jobject = JObject.Parse(result);
var token = jobject["access_token"].Value<string>();
client.DefaultRequestHeaders.Add("Authorization", $"bearer {token}");
var subcriptions = await client.GetStringAsync($"https://management.azure.com/subscriptions?api-version={apiVersion}").ConfigureAwait(false);
var tenants = await client.GetStringAsync($"https://management.azure.com/tenants?api-version={apiVersion}").ConfigureAwait(false);
Console.WriteLine(subcriptions);
Console.WriteLine(tenants);
//We have the SubscriptionID, TenantId and the token to
//the subscription here. How to do New-AzureRmADApplication and New-AzureRmADServicePrincipal with the application ID here? Specifically I'm considering to use a certificate thumbrint if it matters.
//var subscription = "... from subscriptions...";
//var tenantId = "... from tenants...";
}
您可以获取访问令牌并调用 Azure AD Graph API 来创建应用程序和服务主体。 (Microsoft Graph API 也允许它,但只能通过 beta 端点)
您可以在此处找到应用程序实体文档:https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#application-entity
要获取令牌,您的应用需要具有在 Azure AD 中为 Azure AD Graph API 授予的必要 delegated/app 权限 API。
然后当你拿到令牌后,使用https://graph.windows.net作为资源。
那么你应该可以 POST 到 https://graph.windows.net/tenant-id/applications?api-version=1.6 像这样 body:
{
"displayName":"Test app",
"identifierUris": [
"https://mytenant.onmicrosoft.com/testapp"
],
"homePage":"http://localhost"
}
将 URL 中的 tenant-id 替换为您的租户 ID。
这就是创建的应用程序,在响应中您将获得创建的应用程序。
从中获取 appId 字段,您将需要它来创建服务主体。
然后 POST 到: https://graph.windows.net/tenant-id/servicePrincipals?api-version=1.6 和 body 像这样:
{
"appId":"eb167a6d-aaaa-aaaa-aaaa-46e981be37fa"
}
这应该会创建相应的服务主体。
继续我以编程方式创建 Azure 应用程序的探索(这从 subscriptionID and a tenantId as follows, but I'm at loss as how could I create an application and its associated service principal locally. This is basically where New-AzureRmADApplication and New-AzureRmADServicePrincipal would be used in case of PowerShell. This question is partially answered at
更具体地说,我有如下代码
string resource = "https://management.core.windows.net/";
string clientId = "1950a258-227b-4e31-a9cf-717495945fc2";
string userName = "<replace>";
string password = "<replace>";
string apiVersion = "2016-06-01";
using(var client = new HttpClient())
{
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
string tokenEndpoint = "https://login.microsoftonline.com/common/oauth2/token";
var body = $"resource={resource}&client_id={clientId}&grant_type=password&username={userName}&password={password}";
var stringContent = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded");
var response = await client.PostAsync(tokenEndpoint, stringContent).ConfigureAwait(false);
var result = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
JObject jobject = JObject.Parse(result);
var token = jobject["access_token"].Value<string>();
client.DefaultRequestHeaders.Add("Authorization", $"bearer {token}");
var subcriptions = await client.GetStringAsync($"https://management.azure.com/subscriptions?api-version={apiVersion}").ConfigureAwait(false);
var tenants = await client.GetStringAsync($"https://management.azure.com/tenants?api-version={apiVersion}").ConfigureAwait(false);
Console.WriteLine(subcriptions);
Console.WriteLine(tenants);
//We have the SubscriptionID, TenantId and the token to
//the subscription here. How to do New-AzureRmADApplication and New-AzureRmADServicePrincipal with the application ID here? Specifically I'm considering to use a certificate thumbrint if it matters.
//var subscription = "... from subscriptions...";
//var tenantId = "... from tenants...";
}
您可以获取访问令牌并调用 Azure AD Graph API 来创建应用程序和服务主体。 (Microsoft Graph API 也允许它,但只能通过 beta 端点)
您可以在此处找到应用程序实体文档:https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#application-entity
要获取令牌,您的应用需要具有在 Azure AD 中为 Azure AD Graph API 授予的必要 delegated/app 权限 API。
然后当你拿到令牌后,使用https://graph.windows.net作为资源。
那么你应该可以 POST 到 https://graph.windows.net/tenant-id/applications?api-version=1.6 像这样 body:
{
"displayName":"Test app",
"identifierUris": [
"https://mytenant.onmicrosoft.com/testapp"
],
"homePage":"http://localhost"
}
将 URL 中的 tenant-id 替换为您的租户 ID。
这就是创建的应用程序,在响应中您将获得创建的应用程序。
从中获取 appId 字段,您将需要它来创建服务主体。
然后 POST 到: https://graph.windows.net/tenant-id/servicePrincipals?api-version=1.6 和 body 像这样:
{
"appId":"eb167a6d-aaaa-aaaa-aaaa-46e981be37fa"
}
这应该会创建相应的服务主体。