我们可以使用 gmail 地址创建本地帐户用户吗?
Can we create local account users with a gmail address?
我们正在使用 ADAL.Net 在 Azure AD 中创建用户。使用 SinginNames,我们可以提供任何电子邮件地址(gmail 或非域电子邮件)作为用户名来创建 Azure AD 本地帐户。
当我们尝试使用 Microsoft Graph (MSAL.Net) 时,我们无法创建用户:
Code: Request_BadRequest
Message: Property userPrincipalName is invalid.
我们如何使用 Microsoft Graph 或 Microsoft Graph 客户端库创建 gmail 地址作为用户名?
新创建的帐户应该是本地用户帐户,而不是来宾用户。
var user = new User
{
AccountEnabled = true,
DisplayName = "displayName-value",
MailNickname = "mailNickname-value",
UserPrincipalName = "vetrivelmp1@gmail.com",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "Test123!@#"
}
};
var graphClient = await _msGraphHelper.GetMsGraphClientAsync();
var createdUser = await graphClient
.Users
.Request()
.AddAsync(user);
不可以。您必须使用 tenant specific email 以下示例请求:
请求URL:https://graph.microsoft.com/v1.0/users
{
"accountEnabled": true,
"displayName": "KironTestDisplayName",
"mailNickname": "KironTestNickName",
"userPrincipalName": "KironTestingCreateUserWithMember@MyTenant.onmicrosoft.com",
"userType":"guest",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "Test@pass420"
}
}
要记住的要点:
- 获取要在其中创建用户的租户的正确令牌
- 需要request permission
userPrincipalName 应该遵循
UserName@tenant-value.onmicrosoft.com
"userType":"guest" 或者 "Member" 你可以加上
Note: Mail should be like myUser@Mytenant.onmicrosoft.com Other then you would encounter 400 request error like Property userPrincipalName is invalid
您的案例:
如果您想使用 gmail account 创建用户,则需要更改请求模式 您必须像下面这样请求 invitation API:
请求Url:https://graph.microsoft.com/v1.0/invitations
请求正文:
{
"invitedUserEmailAddress": "TestGmailUser@gmailUser",
"inviteRedirectUrl": "https://myapp.com"
}
响应:
Note: If go to azure portal you would see you cannot add gmail user as domain member you add as guest user after invitation. So this
why you need above request pattern. Hope you are clear now.
Gmail用户添加SDK:
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var invitation = new Invitation
{
InvitedUserEmailAddress = "TestGmailUser@gmailUser",
InviteRedirectUrl = "https://myapp.com"
};
await graphClient.Invitations
.Request()
.AddAsync(invitation);
Azure 门户验证:
我已使用上述请求在我的门户网站上成功添加 gmail user。请参阅下面的屏幕截图:
对于那些仍在努力实现这一目标的人来说,这里接受的答案没有帮助,或者至少在 2021 年不是这样。我能够使用个人电子邮件地址和自定义签名创建本地 B2C 帐户在名称中使用 Example 2: Create a user with social and local account identities.
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json
{
"displayName": "John Smith",
"identities": [
{
"signInType": "userName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
],
"passwordProfile" : {
"password": "password-value",
"forceChangePasswordNextSignIn": false
},
"passwordPolicies": "DisablePasswordExpiration"
}
我们正在使用 ADAL.Net 在 Azure AD 中创建用户。使用 SinginNames,我们可以提供任何电子邮件地址(gmail 或非域电子邮件)作为用户名来创建 Azure AD 本地帐户。
当我们尝试使用 Microsoft Graph (MSAL.Net) 时,我们无法创建用户:
Code: Request_BadRequest
Message: Property userPrincipalName is invalid.
我们如何使用 Microsoft Graph 或 Microsoft Graph 客户端库创建 gmail 地址作为用户名?
新创建的帐户应该是本地用户帐户,而不是来宾用户。
var user = new User
{
AccountEnabled = true,
DisplayName = "displayName-value",
MailNickname = "mailNickname-value",
UserPrincipalName = "vetrivelmp1@gmail.com",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = true,
Password = "Test123!@#"
}
};
var graphClient = await _msGraphHelper.GetMsGraphClientAsync();
var createdUser = await graphClient
.Users
.Request()
.AddAsync(user);
不可以。您必须使用 tenant specific email 以下示例请求:
请求URL:https://graph.microsoft.com/v1.0/users
{
"accountEnabled": true,
"displayName": "KironTestDisplayName",
"mailNickname": "KironTestNickName",
"userPrincipalName": "KironTestingCreateUserWithMember@MyTenant.onmicrosoft.com",
"userType":"guest",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "Test@pass420"
}
}
要记住的要点:
- 获取要在其中创建用户的租户的正确令牌
- 需要request permission
userPrincipalName应该遵循UserName@tenant-value.onmicrosoft.com"userType":"guest" 或者 "Member" 你可以加上
Note: Mail should be like
myUser@Mytenant.onmicrosoft.comOther then you would encounter 400 request error likeProperty userPrincipalName is invalid
您的案例:
如果您想使用 gmail account 创建用户,则需要更改请求模式 您必须像下面这样请求 invitation API:
请求Url:https://graph.microsoft.com/v1.0/invitations
请求正文:
{
"invitedUserEmailAddress": "TestGmailUser@gmailUser",
"inviteRedirectUrl": "https://myapp.com"
}
响应:
Note: If go to
azure portalyou would see you cannot addgmail useras domain member you add as guest user after invitation. So this why you need above request pattern. Hope you are clear now.
Gmail用户添加SDK:
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var invitation = new Invitation
{
InvitedUserEmailAddress = "TestGmailUser@gmailUser",
InviteRedirectUrl = "https://myapp.com"
};
await graphClient.Invitations
.Request()
.AddAsync(invitation);
Azure 门户验证:
我已使用上述请求在我的门户网站上成功添加 gmail user。请参阅下面的屏幕截图:
对于那些仍在努力实现这一目标的人来说,这里接受的答案没有帮助,或者至少在 2021 年不是这样。我能够使用个人电子邮件地址和自定义签名创建本地 B2C 帐户在名称中使用 Example 2: Create a user with social and local account identities.
POST https://graph.microsoft.com/v1.0/users
Content-type: application/json
{
"displayName": "John Smith",
"identities": [
{
"signInType": "userName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
],
"passwordProfile" : {
"password": "password-value",
"forceChangePasswordNextSignIn": false
},
"passwordPolicies": "DisablePasswordExpiration"
}