Microsoft Graph API 通过电子邮件地址获取多个 B2C 用户

Question

我的用例是从 Microsoft Graph api 查询多个 b2c 用户以获取显示名称并获取有关上次登录的信息。我知道最后一次登录只能通过测试路线获得。

我正在使用 Microsoft Graph api 测试版客户端并尝试通过电子邮件地址获取用户。

我的 b2c 用户没有任何邮件或其他邮件值，只有有关电子邮件的信息被放在身份列表中。

var result = await client.Users
.Request()
.Select(e => new
{
    e.DisplayName,
    e.UserType,
    e.OtherMails,
    e.UserPrincipalName,
    e.Mail,
    e.Identities,
    e.SignInActivity
}).GetAsync();

此调用 returns 所有用户，因此我必须在内存中进行过滤，这很糟糕。

.Filter("identities/any(id:id/issuer eq 'xxx.onmicrosoft.com' and id/issuerAssignedId eq 'superUser@mail.com')")

此过滤器功能 returns 恰好是一个特定用户，但我无法通过单个请求查询多个用户。就像是 .Filter("identities/any(id:id/issuer eq 'xxx.onmicrosoft.com' and id/issuerAssignedId eq 'superUser@mail.com') or identities/any(id:id/issuer eq 'xxx.onmicrosoft.com' and id/issuerAssignedId eq 'superUser2@mail.com')") Return 查询是复杂的，用 'in' returns 不支持的查询替换 'eq'，因为看起来 lambda 运算符不支持 'in'.

有人知道如何查询例如一个请求有 2 个电子邮件地址？

Answer 1

谢谢丹斯坦，

通过批量请求，它可以通过单个请求同时获取最多 20 个帐户。 https://docs.microsoft.com/en-us/graph/sdks/batch-requests?tabs=csharp#simple-batching-example API 仍然将其限制为单个批处理请求中的 20 个请求。 '代码：超出最大值 消息：批请求步骤数超过最大值 20。'

这使得通过视图请求查询所有数据成为可能。

Answer 2

我也可以提供一个 rosly pad 脚本，您只需设置您的特定值，如客户端 ID、密码等。

#r "nuget:Microsoft.Graph.Auth/1.0.0-preview.7"
#r "nuget:Microsoft.Graph.Beta/4.28.0-preview"

#r "nuget:RestSharp/107.1.1"
#r "nuget:RestRequest/1.2.0"
#r "nuget:Microsoft.Azure.Services.AppAuthentication/1.6.2"
#r "nuget:Azure.Core/1.22.0"
#r "nuget:Azure.Identity/1.5.0"

using Microsoft.Graph;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.Net.Http.Headers;
using Azure.Identity;
using System.Linq;
using Azure.Core;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

using System.Net.Http;


var client = await GetGraphApiClient();

var emails = new []{  "email1@example.de","email2@example.de","email3@example.de","email4@example.de","email5@example.de"};

// Build the batch
var batchRequestContent = new BatchRequestContent();

// Using AddBatchRequestStep adds each request as a step
foreach (var element in emails)
{
    var userRequest2 = client.Users
        .Request()
        .Select(e => new
        {
            e.DisplayName,
            e.UserType,
            e.OtherMails,
            e.UserPrincipalName,
            e.Mail,
            e.Identities,
            e.SignInActivity // just provided in the Microsoft.Graph.Beta package 
        })
    .Filter($"identities/any(id:id/issuer eq ' ' and id/issuerAssignedId eq '{element}')");
    batchRequestContent.AddBatchRequestStep(userRequest2);
}

var returnedResponse = await client.Batch.Request().PostAsync(batchRequestContent);

try
{
    var user = await returnedResponse
        .GetResponsesAsync();
    user.Dump();
}
catch (ServiceException ex)
{
    Console.WriteLine($"Failed to get user: {ex.Error.Message}");
}

private static async Task<GraphServiceClient> GetGraphApiClient()
{
    var clientId = "<Client-Id-Of-your-app-with-graph-access>";
    var secret = "<Client-Secret-Of-your-app-with-graph-access>";
    var tenant = "<tenant-id>";

    string[] scopes = new string[] { "AuditLog.Read.All", "User.Read.All" };

    IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithTenantId(tenant)
            .WithClientSecret(secret)
            .Build();
    ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);

var serviceToken = await authProvider.ClientApplication.AcquireTokenForClient(new string[] { "https://graph.microsoft.com/.default" }).ExecuteAsync();

    return new GraphServiceClient(authProvider);

}