
azure - Can I programmatically invite external users to Azure Active Directory?

Reposted. Author: 行者123. Last updated: 2023-12-03 05:04:14

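Scenario: we are building a multi-tenant SaaS application hosted in Azure and plan to use AAD to authenticate tenant users.

After a customer (tenant) purchases a license, we want to programmatically invite the first user to access the product web application.

Beyond that, we plan to add functionality to the product's web application that lets admin users invite other users in their organization to access the web application.

That is, we plan to use AAD as the identity management/authentication provider for our product hosted in Azure. Any feedback on this approach would be greatly appreciated.

Thanks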

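Best answer

For your scenario, I think it would be better to achieve your goal by using code and calling the API. You can use Microsoft Graph and use the invitation API to create a new invitation. The invitation adds the external user to the organization.

Here is a code sample for calling the invitation API in "app-only" mode to invite a user, in order to get the redemption URL for the resource to which you are inviting the B2B user. The goal is to send a custom invitation email. The email can be composed with an HTTP client, so you can customize how it looks and send it through the Graph API.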

using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Newtonsoft.Json;

namespace SampleInviteApp {
    class Program {
        /// <summary>
        /// Microsoft graph resource.
        /// </summary>
        static readonly string GraphResource = "https://graph.microsoft.com";

        /// <summary>
        /// Microsoft graph invite endpoint.
        /// </summary>
        static readonly string InviteEndPoint = "https://graph.microsoft.com/v1.0/invitations";

        /// <summary>
        /// Authentication endpoint to get token.
        /// </summary>
        static readonly string EstsLoginEndpoint = "https://login.microsoftonline.com";

        /// <summary>
        /// This is the tenantid of the tenant you want to invite users to.
        /// </summary>
        private static readonly string TenantID = "";

        /// <summary>
        /// This is the application id of the application that is registered in the above tenant.
        /// The required scopes are available in the below link.
        /// https://developer.microsoft.com/graph/docs/api-reference/v1.0/api/invitation_post
        /// </summary>
        private static readonly string TestAppClientId = "";

        /// <summary>
        /// Client secret of the application.
        /// </summary>
        private static readonly string TestAppClientSecret = @"";

        /// <summary>
        /// This is the email address of the user you want to invite.
        /// </summary>
        private static readonly string InvitedUserEmailAddress = @"";

        /// <summary>
        /// This is the display name of the user you want to invite.
        /// </summary>
        private static readonly string InvitedUserDisplayName = @"";

        /// <summary>
        /// Main method.
        /// </summary>
        /// <param name="args">Optional arguments</param>
        static void Main(string[] args) {
            Invitation invitation = CreateInvitation();
            SendInvitation(invitation);
        }

        /// <summary>
        /// Create the invitation object.
        /// </summary>
        /// <returns>Returns the invitation object.</returns>
        private static Invitation CreateInvitation() {
            // Set the invitation object.
            Invitation invitation = new Invitation();
            invitation.InvitedUserDisplayName = InvitedUserDisplayName;
            invitation.InvitedUserEmailAddress = InvitedUserEmailAddress;
            invitation.InviteRedirectUrl = "https://www.microsoft.com";
            invitation.SendInvitationMessage = true;

            return invitation;
        }

        /// <summary>
        /// Send the guest user invite request.
        /// </summary>
        /// <param name="invitation">Invitation object.</param>
        private static void SendInvitation(Invitation invitation) {
            string accessToken = GetAccessToken();

            HttpClient httpClient = GetHttpClient(accessToken);

            // Make the invite call. The media type is passed to StringContent so the
            // request carries a real "Content-Type: application/json" header.
            HttpContent content = new StringContent(
                JsonConvert.SerializeObject(invitation),
                Encoding.UTF8,
                "application/json");

            var postResponse = httpClient.PostAsync(InviteEndPoint, content).Result;
            string serverResponse = postResponse.Content.ReadAsStringAsync().Result;
            Console.WriteLine(serverResponse);
        }

        /// <summary>
        /// Get the HTTP client.
        /// </summary>
        /// <param name="accessToken">Access token</param>
        /// <returns>Returns the Http Client.</returns>
        private static HttpClient GetHttpClient(string accessToken) {
            // setup http client.
            HttpClient httpClient = new HttpClient();
            httpClient.Timeout = TimeSpan.FromSeconds(300);
            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            httpClient.DefaultRequestHeaders.Add("client-request-id", Guid.NewGuid().ToString());

            Console.WriteLine(
                "CorrelationID for the request: {0}",
                httpClient.DefaultRequestHeaders.GetValues("client-request-id").Single());

            return httpClient;
        }

        /// <summary>
        /// Get the access token for our application to talk to microsoft graph.
        /// </summary>
        /// <returns>Returns the access token for our application to talk to microsoft graph.</returns>
        private static string GetAccessToken() {
            string accessToken = null;

            // Get the access token for our application to talk to microsoft graph.
            try {
                AuthenticationContext testAuthContext =
                    new AuthenticationContext(string.Format("{0}/{1}", EstsLoginEndpoint, TenantID));
                AuthenticationResult testAuthResult = testAuthContext.AcquireTokenAsync(
                    GraphResource,
                    new ClientCredential(TestAppClientId, TestAppClientSecret)).Result;
                accessToken = testAuthResult.AccessToken;

            } catch (AdalException ex) {
                Console.WriteLine("An exception was thrown while fetching the token: {0}.", ex);
                throw;
            }

            return accessToken;
        }

        /// <summary>
        /// Invitation class.
        /// </summary>
        public class Invitation {
            /// <summary>
            /// Gets or sets display name.
            /// </summary>
            public string InvitedUserDisplayName { get; set; }

            /// <summary>
            /// Gets or sets email address.
            /// </summary>
            public string InvitedUserEmailAddress { get; set; }

            /// <summary>
            /// Gets or sets a value indicating whether Invitation Manager should send the email to InvitedUser.
            /// </summary>
            public bool SendInvitationMessage { get; set; }

            /// <summary>
            /// Gets or sets invitation redirect URL
            /// </summary>
            public string InviteRedirectUrl { get; set; }
        }
    }
}

Hope this helps!
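
An added example, not part of the original answer or of Microsoft's sample: a server-side check for the admin-invites-colleagues feature in the question, plus the custom-email path the answer mentions (`sendInvitationMessage` set to false, then reading `inviteRedeemUrl` from the response). The `InviteGuard` class, the per-customer domain table, the redirect URL and the sample response are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Mail;
using System.Text.Json;

static class InviteGuard {
    // Constructed sample data: e-mail domains verified for each customer (hypothetical store).
    static readonly Dictionary<string, HashSet<string>> TenantDomains = new() {
        ["customer-a"] = new(StringComparer.OrdinalIgnoreCase) { "contoso.example" }
    };

    // Assumption: the product's own sign-in page is the only redirect target ever sent.
    const string RedirectUrl = "https://app.saas.example/signin";

    // Returns the JSON body for POST /v1.0/invitations, or null when the request is rejected.
    public static string BuildInvitationBody(string customerKey, string email, string displayName) {
        if (!TenantDomains.TryGetValue(customerKey, out var domains)) return null;
        // MailAddress also accepts "Name <addr>" input, so require the bare address.
        if (!MailAddress.TryCreate(email, out var parsed) ||
            !string.Equals(parsed.Address, email, StringComparison.OrdinalIgnoreCase)) return null;
        if (!domains.Contains(parsed.Host)) return null;
        return JsonSerializer.Serialize(new {
            invitedUserEmailAddress = parsed.Address,
            invitedUserDisplayName = displayName,
            inviteRedirectUrl = RedirectUrl,
            sendInvitationMessage = false // the application sends its own e-mail
        });
    }

    // Pulls inviteRedeemUrl out of the invitation response; null unless it is an absolute https URL.
    public static string ExtractRedeemUrl(string responseJson) {
        using var doc = JsonDocument.Parse(responseJson);
        if (doc.RootElement.ValueKind != JsonValueKind.Object ||
            !doc.RootElement.TryGetProperty("inviteRedeemUrl", out var value) ||
            value.ValueKind != JsonValueKind.String) return null;
        return Uri.TryCreate(value.GetString(), UriKind.Absolute, out var uri)
               && uri.Scheme == Uri.UriSchemeHttps ? uri.AbsoluteUri : null;
    }

    static void Main() {
        Console.WriteLine(BuildInvitationBody("customer-a", "alice@contoso.example", "Alice") ?? "rejected");
        Console.WriteLine(BuildInvitationBody("customer-a", "bob@other.example", "Bob") ?? "rejected");
        Console.WriteLine(BuildInvitationBody("customer-a", "Eve <eve@contoso.example>", "Eve") ?? "rejected");
        // Constructed sample response, trimmed to the fields used here.
        string sample = "{\"inviteRedeemUrl\":\"https://login.microsoftonline.com/redeem?placeholder\",\"status\":\"PendingAcceptance\"}";
        Console.WriteLine(ExtractRedeemUrl(sample) ?? "no usable redeem URL");
    }
}
```

Because the application calls Graph in app-only mode, the per-customer check has to live in the application itself: the token it holds can invite any address into the tenant.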

Regarding "azure - Can I programmatically invite external users to Azure Active Directory?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/48659009/
