我们公司正在开发基于Azure组件和连接到Azure的客户端桌面应用程序的系统.我们的安装代码会通过Azure API和Azure部署自动化功能自动部署Azure组件.正在部署的这些组件之一是我们在Azure Active Directory中注册的Web App/API.我们的部署代码通过Azure API在Azure中创建此应用,并在Azure中为此应用设置所需权限".所需的权限是:
Our company is developing a system that is based on Azure components and a client desktop application that connects to Azure. The Azure components are being deployed automatically by our setup code via the Azure API and Azure deployment automation. One of these components being deployed is a Web App / API that we register in the Azure Active Directory. Our deployment code creates this app in Azure via the Azure API and sets the "Required permissions" for this app in Azure. The required permissions are:
一旦使用Azure设置了应用程序,便有了客户端桌面应用程序.在我们的客户端桌面应用程序中,用户可以登录到Azure,然后我们要访问创建的应用程序.因此,我们的客户端桌面应用程序基本上会显示Azure登录框以登录到Azure,然后尝试访问Azure中的Web应用程序,我们得到了这一点:
Once the application is set up with Azure we then have our client desktop application. In our client desktop application the user can log into the Azure and then we want to access the created application. So our client desktop application basically displays the Azure login box to log into Azure and then it tries to access the Web application in Azure, and we got this:
好,所以我可以手动解决它:如果我以Admin身份登录到Azure,并且通过单击授予权限"按钮手动授予权限,则上面显示的消息将不再显示,并且一切都会顺利进行.我单击的授予权限"按钮是:
OK, so I can manually solve it: if I log into Azure as Admin and I manually grant the permissions by clicking the "Grant Permissions" button, the message shown above will not be shown anymore and everything will work smoothly. The "Grant Permissions" button I click is this:
但是不幸的是,我们不能采用这种手动授予权限的方式,我们需要找到一种通过C#代码以编程方式实现权限的方式.这是我们的业务要求.因此,现有的C#代码在Azure AD中创建应用程序,为其设置所需的权限,而缺少的部分是一个C#代码段,该代码段将自动授予权限-这样用户就不会看到上面的警告消息. 我一直在研究各种在线资源,但还没有找到一种通过C#代码来实现的方法-不幸的是.有没有一种方法可以自动授予权限?任何C#代码段? Azure API调用?电源外壳?任何事物?
But unfortunately we cannot go this way of granting the permissions manually, we need to find a way to do it programmatically - by C# code. This is our business requirement. So the existing C# code creates the application in Azure AD, sets the required permissions for it, and the missing part is a C# snippet that will automatically grant the permissions - so that the users don't see the warning message above. I've been looking into various online resources and haven't found a way to do it by C# code as yet - unfortunately. Is there a way to grant the permissions automatically? Any C# snippet? Azure API call? Powershell? Anything?
关于我们的应用程序请求的权限的详细信息: 对于Microsoft Graph,我们需要这些权限作为应用程序权限":
Regarding details of permissions that our application requests: For the Microsoft Graph we required those permissions as Application Permissions:
以及作为委派权限的那些人:
And those as Delegated Permissions:
对于Windows Azure Active Directory,所需的权限为:
For Windows Azure Active Directory the required permissions are:
推荐答案
上述问题已由@Saca和@Nan Yu回答.现在可以关闭了.基于为正在创建的应用程序的ServicePrincipal创建OAuth2PermissionGrant和AppRoleAssignment对象的解决方案是解决问题的正确方法,我已经设法解决了这一问题.
The question has been answered above by @Saca and @Nan Yu. It can be closed now. The solution based on creating OAuth2PermissionGrant and AppRoleAssignment objects for the ServicePrincipal of an application being created is the right way to solve the problem, I have managed to solve the problem this way.
更多推荐
自动授予对Azure Active Directory Web应用程序的权限
发布评论