在 ASP.NET MVC 组织帐户中访问 Azure AD Graph API

Access Azure AD Graph API in ASP.NET MVC Organizational account

我正在尝试根据登录用户的 AD 组限制页面访问。我对以下代码有疑问。

   var tenantId = incomingPrincipal.FindFirst(GraphConfiguration.TenantIdClaimType).Value;

 //create Azure Graph Api client to make api calls
 var client = Helpers.AzureGraphAPIFunctions.GetActiveDirectoryClient(tenantId);

 IGroup group = client.Groups.Where(x => x.DisplayName == groupName).ExecuteSingleAsync().Result;

这些代码工作正常,通过 groupName 为我获取广告组,但有时会抛出异常

"Tenant information is not available locally. Use the following Urls to get the information."

{"odata.error":{"code":"Directory_BindingRedirection","message":{"lang":"en","value":"Tenant information is not available locally. Use the following Urls to get the information."},
"values":[
          {"item":"Url1","value":"https:\/\/directory-s1-ch1.directory.windows.net"},
          {"item":"Url2","value":"https:\/\/directory-s1-sn2.directory.windows.net"},
          {"item":"Url3","value":"https:\/\/directory-s1-co1.directory.windows.net"},
          {"item":"Url4","value":"https:\/\/directory-s1-bl2.directory.windows.net"}
         ]}}

有什么想法吗?

谢谢

各位,

我们目前正在调查此问题(您应该不会看到此错误)。它看起来像一个回归。当我有更多信息时会更新此线程。

更新:
现在应该解决此问题。我们更新了我们的网关逻辑,破坏了我们的一些 retry/redirect 逻辑。我们现在也安装了一些监视器,可以更快地检测到这个问题(我们应该再次犯同样的错误)。

对受此事件影响的人表示歉意。