我有一个 Azure AD B2C 租户和应用程序,其中启用了使用 Facebook、其他 AAD 和本地帐户的身份验证。 B2C 中的用户有一些自定义字段,这些字段在注册时填充并用作 JWT token 中的声明。
但我无法在 Azure 门户中的任何地方看到此字段值,也无法使用 Microsoft Graph API。
它们存储在哪里以及如何访问它们?
最佳答案
您可以通过将自定义声明包含在发送到应用程序的 token 中或通过查询 Azure AD Graph API(目前还不是 Microsoft Graph)来访问自定义声明。
- 在 token 中包含自定义声明:在 Azure 门户的 B2C 边栏选项卡中,选择您正在使用的策略,单击“编辑”、“应用程序声明”并选择自定义属性。 Full documentation
- 查询Azure AD Graph API:注册一个Azure AD应用程序,查询Azure AD Graph API。 Full documentation
这是#2 的一些 C# 代码
// The client_id, client_secret, and tenant are pulled in from the App.config file
var clientId = "YOUR_CLIENT_ID";
var clientSecret = "YOUR_CLIENT_SECRET";
var tenant = "yourtenant.onmicrosoft.com";
var userObjectID = "OID_OF_THE_USER"
var query = "/users/" + userObjectId
this.authContext = new AuthenticationContext("https://login.microsoftonline.com/" + tenant);
// The ClientCredential is where you pass in your client_id and client_secret, which are
// provided to Azure AD in order to receive an access_token using the app's identity.
this.credential = new ClientCredential(clientId, clientSecret);
// First, use ADAL to acquire a token using the app's identity (the credential)
// The first parameter is the resource we want an access_token for; in this case, the Graph API.
AuthenticationResult result = authContext.AcquireToken("https://graph.windows.net", credential);
// For B2C user managment, be sure to use the Azure AD Graph API for now.
HttpClient http = new HttpClient();
string url = "https://graph.windows.net/" + tenant + api + "?" + Globals.aadGraphVersion;
url += "&" + query;
// Append the access token for the Graph API to the Authorization header of the request, using the Bearer scheme.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, url);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
HttpResponseMessage response = await http.SendAsync(request);
if (!response.IsSuccessStatusCode)
{
string error = await response.Content.ReadAsStringAsync();
object formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error Calling the Graph API: \n" + JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
return await response.Content.ReadAsStringAsync();
关于microsoft-graph-api - 如何获取自定义 Azure AD B2C 用户配置文件属性的值,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/47349727/