Azure的ActiveDirectory的圖形API GraphClient沒有返回廣告組

Question

我想要從Azure的AD用戶的組信息。

使用下面的圖形API包來實現這一

• Microsoft.Azure.ActiveDirectory.GraphClient
• Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810

我能夠成功從Azure圖形API檢索用戶信息。

但是當我運行這個方法來檢索用戶的羣體，提琴手顯示了包含JSON片段組信息的成功的HTTP 200響應但是該方法本身並不具有了IEnumerable返回。

IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList(); 

代碼似乎沒有從這個異步請求返回。

得到的經驗是空白頁，而認證的管道卡住。

的完整代碼

public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal) 
    { 
     if (!incomingPrincipal.Identity.IsAuthenticated == true && 
      _authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name)) 
     { 
      return base.Authenticate(resourceName, incomingPrincipal); 
     } 

     _authorizationService.AddClaimsToIdentity(((ClaimsIdentity) incomingPrincipal.Identity)); 

     Claim tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim); 

     if (tenantClaim == null) 
     { 
      throw new NotSupportedException("Tenant claim not available, role authentication is not supported"); 
     } 

     string tenantId = tenantClaim.Value; 
     string authority = String.Format(CultureInfo.InvariantCulture, _aadInstance, _tenant); 
     Uri servicePointUri = new Uri("https://graph.windows.net"); 
     ClientCredential clientCredential = new ClientCredential(_clientId, _password); 

     AuthenticationContext authContext = new AuthenticationContext(authority, true); 
     AuthenticationResult result = authContext.AcquireToken(servicePointUri.ToString(), clientCredential); 
     Token = result.AccessToken; 

     ActiveDirectoryClient activeDirectoryClient = 
      new ActiveDirectoryClient(new Uri(servicePointUri, tenantId), 
       async() => await AcquireTokenAsync()); 

     IUser user = activeDirectoryClient 
      .Users 
      .Where(x => x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name)) 
      .ExecuteAsync() 
      .Result 
      .CurrentPage 
      .ToList() 
      .FirstOrDefault(); 

     if (user == null) 
     { 
      throw new NotSupportedException("Unknown User."); 
     }   

     IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList(); 


     return incomingPrincipal; 
    } 

Answer 1

我有同樣的問題。我的代碼是根據文檔 https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet

 IUserFetcher retrievedUserFetcher = (User) user; 
     IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result; 
     do { 
      List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList(); 
      foreach (IDirectoryObject directoryObject in directoryObjects) { 
       if (directoryObject is Group) { 
        Group group = directoryObject as Group; 
        ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
         new Claim(ClaimTypes.Role, group.DisplayName, ClaimValueTypes.String, "GRAPH")); 
       } 
      } 
      pagedCollection = pagedCollection.GetNextPageAsync().Result; 
     } while (pagedCollection != null && pagedCollection.MorePagesAvailable); 

Answer 2

IEnumerable的改變之後的工作，string groups = user.GetMemberGroupsAsync(false).Result.ToList()不起作用，因爲結果是類型不IEnumerable的，字符串。

IEnumerable<string> groups = await user.GetMemberGroupsAsync(false); 

上面的代碼會返回正確的類型。