Problem description
I'm trying to use the Azure Active Directory Graph API (with the Azure GraphClient NuGet package) to create a new application in Azure AD.
I've authenticated using an existing AAD application, so I have write access to the directory.
However, when creating the new application object the Azure Graph API returns this error:
{
  "odata.error": {
    "code": "Request_BadRequest",
    "message": {
      "lang": "en",
      "value": "Property  value cannot have duplicate id or claim values."
    },
    "values": [
      { "item": "PropertyName",      "value": "None" },
      { "item": "PropertyErrorCode", "value": "DuplicateValue" }
    ]
  }
}
It doesn't say which property has a duplicate id or claim value; there are two spaces in the error message, as if the name is missing.
The code which creates the Application object is this:
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// client is an already authenticated ActiveDirectoryClient; its construction is not shown here.
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
{
    AvailableToOtherTenants = false,
    DisplayName = appname,
    ErrorUrl = null,
    GroupMembershipClaims = null,
    Homepage = "http://www.domain.com",
    // Note: appname contains spaces, so this URI does too.
    IdentifierUris = new List<string>() { "https://domain.com/" + appname },
    KeyCredentials = new List<KeyCredential>(),
    KnownClientApplications = new List<Guid>(),
    LogoutUrl = null,
    Oauth2AllowImplicitFlow = false,
    Oauth2AllowUrlPathMatching = false,
    // One delegated permission scope exposed by the new application.
    Oauth2Permissions = new List<OAuth2Permission>()
    {
        new OAuth2Permission()
        {
            AdminConsentDescription =
                $"Allow the application to access {appname} on behalf of the signed-in user.",
            AdminConsentDisplayName = $"Access {appname}",
            Id = Guid.NewGuid(),
            IsEnabled = true,
            Type = "User",
            UserConsentDescription =
                $"Allow the application to access {appname} on your behalf.",
            UserConsentDisplayName = $"Access {appname}",
            Value = "user_impersonation"
        }
    },
    Oauth2RequirePostResponse = false,
    PasswordCredentials = new List<PasswordCredential>(),
    PublicClient = false,
    ReplyUrls = new List<string>(),
    RequiredResourceAccess = new List<RequiredResourceAccess>(),
    SamlMetadataUrl = null,
    ExtensionProperties = new List<ExtensionProperty>(),
    Manager = null,
    ObjectType = "Application",
    DeletionTimestamp = null,
    CreatedOnBehalfOf = null,
    CreatedObjects = new List<DirectoryObject>(),
    DirectReports = new List<DirectoryObject>(),
    Members = new List<DirectoryObject>(),
    MemberOf = new List<DirectoryObject>(),
    Owners = new List<DirectoryObject>(),
    OwnedObjects = new List<DirectoryObject>()
};
await client.Applications.AddApplicationAsync(application);
Am I missing a property? There don't seem to be any non-unique properties, and the application is created with a unique name.
Recommended answer
The error message is indeed very confusing, but the problem is that you are trying to define a scope value (user_impersonation) that is already defined.
If you run this code, you'll find that the application is created successfully in your directory:
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// client is an already authenticated ActiveDirectoryClient; its construction is not shown here.
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
{
    AvailableToOtherTenants = false,
    DisplayName = appname,
    ErrorUrl = null,
    GroupMembershipClaims = null,
    Homepage = "http://www.domain.com",
    IdentifierUris = new List<string>() { "https://domain.com/" + "Test" }, // CHANGED LINE
    KeyCredentials = new List<KeyCredential>(),
    KnownClientApplications = new List<Guid>(),
    LogoutUrl = null,
    Oauth2AllowImplicitFlow = false,
    Oauth2AllowUrlPathMatching = false,
    Oauth2Permissions = new List<OAuth2Permission>()
    {
        new OAuth2Permission()
        {
            AdminConsentDescription =
                $"Allow the application to access {appname} on behalf of the signed-in user.",
            AdminConsentDisplayName = $"Access {appname}",
            Id = Guid.NewGuid(),
            IsEnabled = true,
            Type = "User",
            UserConsentDescription =
                $"Allow the application to access {appname} on your behalf.",
            UserConsentDisplayName = $"Access {appname}",
            Value = "custom_scope" // CHANGED LINE
        }
    },
    Oauth2RequirePostResponse = false,
    PasswordCredentials = new List<PasswordCredential>(),
    PublicClient = false,
    ReplyUrls = new List<string>(),
    RequiredResourceAccess = new List<RequiredResourceAccess>(),
    SamlMetadataUrl = null,
    ExtensionProperties = new List<ExtensionProperty>(),
    Manager = null,
    ObjectType = "Application",
    DeletionTimestamp = null,
    CreatedOnBehalfOf = null,
    CreatedObjects = new List<DirectoryObject>(),
    DirectReports = new List<DirectoryObject>(),
    Members = new List<DirectoryObject>(),
    MemberOf = new List<DirectoryObject>(),
    Owners = new List<DirectoryObject>(),
    OwnedObjects = new List<DirectoryObject>()
};
await client.Applications.AddApplicationAsync(application);
Also, your IdentifierUris cannot contain spaces, so I've changed it to a hardcoded string.
HTH
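As an added example (not code from the question or the answer above), the following Python script runs the two checks the answer describes as a pre-flight step, before the request reaches the directory: it rejects a scope value that the service already defines itself (user_impersonation) and an identifier URI that contains whitespace or is not absolute, and it also catches duplicate scope ids or values within the payload, which trip the same DuplicateValue error. It works on the JSON body that the GraphClient serialises rather than on the C# Application object; the camelCase property names follow the Graph API 1.6 application entity, and the build_application helper and the two sample payloads are constructed here for illustration.

```python
"""Pre-flight validation of an Azure AD Graph (api-version 1.6) application payload.

Constructed example: build_application, the sample payloads and the wire-level
property names are assumptions for illustration, not GraphClient library code.
"""
import re
import uuid
from urllib.parse import urlsplit

# Scope value the directory attaches to every new application by itself; a
# second definition with the same value is rejected as "DuplicateValue".
RESERVED_SCOPE_VALUES = frozenset({"user_impersonation"})


def build_application(display_name, identifier_uri, scope_values):
    """Build the minimal wire payload equivalent to the C# snippets above."""
    permissions = []
    for value in scope_values:
        permissions.append({
            "adminConsentDescription":
                f"Allow the application to access {display_name} on behalf of the signed-in user.",
            "adminConsentDisplayName": f"Access {display_name}",
            "id": str(uuid.uuid4()),          # fresh id per scope, as Guid.NewGuid() does
            "isEnabled": True,
            "type": "User",
            "userConsentDescription": f"Allow the application to access {display_name} on your behalf.",
            "userConsentDisplayName": f"Access {display_name}",
            "value": value,
        })
    return {
        "displayName": display_name,
        "identifierUris": [identifier_uri],
        "homepage": "http://www.domain.com",
        "availableToOtherTenants": False,
        "oauth2Permissions": permissions,
    }


def check_identifier_uris(uris):
    """Identifier URIs must be absolute, free of whitespace and unique."""
    problems = []
    seen = set()
    for uri in uris:
        if re.search(r"\s", uri):
            problems.append(f"identifierUris: {uri!r} contains whitespace")
        parts = urlsplit(uri)
        if not parts.scheme or not parts.netloc:
            problems.append(f"identifierUris: {uri!r} is not an absolute URI")
        if uri.lower() in seen:
            problems.append(f"identifierUris: {uri!r} listed more than once")
        seen.add(uri.lower())
    return problems


def check_oauth2_permissions(permissions):
    """Scope ids and values must be unique, and must not collide with the service default."""
    problems = []
    seen_ids, seen_values = set(), set()
    for perm in permissions:
        perm_id = str(perm.get("id", "")).lower()
        value = perm.get("value", "")
        if perm_id in seen_ids:
            problems.append(f"oauth2Permissions: duplicate id {perm_id}")
        if value in seen_values:
            problems.append(f"oauth2Permissions: duplicate value {value!r}")
        if value in RESERVED_SCOPE_VALUES:
            problems.append(f"oauth2Permissions: {value!r} is already defined by the service")
        seen_ids.add(perm_id)
        seen_values.add(value)
    return problems


def preflight(app):
    """Return every problem found; an empty list means the payload is safe to POST."""
    return (check_identifier_uris(app.get("identifierUris", []))
            + check_oauth2_permissions(app.get("oauth2Permissions", [])))


# Constructed payloads mirroring the question (broken) and the answer (fixed).
BROKEN_APP = build_application("Test Application create 1234",
                               "https://domain.com/Test Application create 1234",
                               ["user_impersonation"])
FIXED_APP = build_application("Test Application create 1234",
                              "https://domain.com/Test",
                              ["custom_scope"])

if __name__ == "__main__":
    for name, app in (("broken", BROKEN_APP), ("fixed", FIXED_APP)):
        print(name, preflight(app) or "ok")
```

Run preflight on the payload right before the POST and refuse to send it when the list is non-empty; the messages name the offending property, which the service's own error does not. The same three checks can be made on the C# Application object by iterating IdentifierUris and Oauth2Permissions in the same way.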