
我正在尝试使用 Azure Active Directory Graph API(带有 Azure GraphClient nuget 包)在 Azure AD 中创建一个新应用程序。

我已经使用现有的 AAD 应用程序进行了身份验证,因此我对目录具有写访问权。

但是,在创建新的应用程序对象时,Azure Graph API 会返回此错误:

{"odata.error": {
  "code":"Request_BadRequest",
    "message": {
      "lang":"en",
      "value":"Property  value cannot have duplicate id or claim values."
    },
    "values":
      [{
        "item":"PropertyName",
        "value":"None"
       },
       {
         "item":"PropertyErrorCode",
         "value":"DuplicateValue"
       }
     ]
   }
 }

它没有说明哪个属性具有重复的 id 或声明值 - 错误消息中有两个空格,就好像名称丢失一样。

创建 Application 对象的代码是这样的:

// Repro from the question: submitting this object is rejected by the Graph API
// with Request_BadRequest / PropertyErrorCode "DuplicateValue".

// The tick count makes the display name different on every run.
// Note that the resulting name contains spaces.
var appname = "Test Application create " + DateTime.Now.Ticks;

// Delegated permission (OAuth2 scope) that the new application would expose.
var impersonationScope = new OAuth2Permission
{
    AdminConsentDescription = $"Allow the application to access {appname} on behalf of the signed-in user.",
    AdminConsentDisplayName = $"Access {appname}",
    Id = Guid.NewGuid(),
    IsEnabled = true,
    Type = "User",
    UserConsentDescription = $"Allow the application to access {appname} on your behalf.",
    UserConsentDisplayName = $"Access {appname}",
    // The answer on this page reports that this scope value is already defined,
    // which is what the "duplicate id or claim values" error refers to.
    Value = "user_impersonation"
};

var application = new Application
{
    // Single-tenant registration.
    AvailableToOtherTenants = false,
    DisplayName = appname,
    ErrorUrl = null,
    GroupMembershipClaims = null,
    // NOTE(review): placeholder value; a real registration should use an https URL.
    Homepage = "http://www.domain.com",
    // appname contains spaces, so this identifier URI contains spaces as well.
    IdentifierUris = new List<string> { "https://domain.com/" + appname },
    KeyCredentials = new List<KeyCredential>(),
    KnownClientApplications = new List<Guid>(),
    LogoutUrl = null,
    // The implicit grant and URL path matching stay disabled.
    Oauth2AllowImplicitFlow = false,
    Oauth2AllowUrlPathMatching = false,
    Oauth2Permissions = new List<OAuth2Permission> { impersonationScope },
    Oauth2RequirePostResponse = false,
    // No secrets or certificates are attached at creation time.
    PasswordCredentials = new List<PasswordCredential>(),
    PublicClient = false,
    ReplyUrls = new List<string>(),
    RequiredResourceAccess = new List<RequiredResourceAccess>(),
    SamlMetadataUrl = null,
    ExtensionProperties = new List<ExtensionProperty>(),
    Manager = null,
    ObjectType = "Application",
    DeletionTimestamp = null,
    CreatedOnBehalfOf = null,
    // Directory navigation collections are sent empty.
    CreatedObjects = new List<DirectoryObject>(),
    DirectReports = new List<DirectoryObject>(),
    Members = new List<DirectoryObject>(),
    MemberOf = new List<DirectoryObject>(),
    Owners = new List<DirectoryObject>(),
    OwnedObjects = new List<DirectoryObject>()
};

// Submit the new application object to the directory.
await client.Applications.AddApplicationAsync(application);

我是否遗漏了某个属性?看起来并没有任何不唯一的属性,而且应用程序是用唯一的名称创建的。


1 回答 1


错误消息确实非常令人困惑,但问题在于您试图定义一个已经存在的作用域(scope)值(user_impersonation)。

如果您运行此代码,您会发现应用程序已在您的目录中成功创建:

// Corrected version from the answer: the two lines marked CHANGED LINE are the
// only differences from the failing request in the question.

// The tick count makes the display name different on every run.
var appname = "Test Application create " + DateTime.Now.Ticks;

// Delegated permission (OAuth2 scope) exposed by the new application.
var customScope = new OAuth2Permission
{
    AdminConsentDescription = $"Allow the application to access {appname} on behalf of the signed-in user.",
    AdminConsentDisplayName = $"Access {appname}",
    Id = Guid.NewGuid(),
    IsEnabled = true,
    Type = "User",
    UserConsentDescription = $"Allow the application to access {appname} on your behalf.",
    UserConsentDisplayName = $"Access {appname}",
    // CHANGED LINE: a value other than "user_impersonation", which the answer
    // says is already defined and therefore rejected as a duplicate.
    Value = "custom_scope"
};

var application = new Application
{
    // Single-tenant registration.
    AvailableToOtherTenants = false,
    DisplayName = appname,
    ErrorUrl = null,
    GroupMembershipClaims = null,
    // NOTE(review): placeholder value; a real registration should use an https URL.
    Homepage = "http://www.domain.com",
    // CHANGED LINE: the identifier URI no longer embeds appname, so it has no spaces.
    // NOTE(review): this value is now fixed; identifier URIs are expected to be unique
    // in the directory, so repeated runs will likely need a space-free unique suffix.
    IdentifierUris = new List<string> { "https://domain.com/" + "Test" },
    KeyCredentials = new List<KeyCredential>(),
    KnownClientApplications = new List<Guid>(),
    LogoutUrl = null,
    // The implicit grant and URL path matching stay disabled.
    Oauth2AllowImplicitFlow = false,
    Oauth2AllowUrlPathMatching = false,
    Oauth2Permissions = new List<OAuth2Permission> { customScope },
    Oauth2RequirePostResponse = false,
    // No secrets or certificates are attached at creation time.
    PasswordCredentials = new List<PasswordCredential>(),
    PublicClient = false,
    ReplyUrls = new List<string>(),
    RequiredResourceAccess = new List<RequiredResourceAccess>(),
    SamlMetadataUrl = null,
    ExtensionProperties = new List<ExtensionProperty>(),
    Manager = null,
    ObjectType = "Application",
    DeletionTimestamp = null,
    CreatedOnBehalfOf = null,
    // Directory navigation collections are sent empty.
    CreatedObjects = new List<DirectoryObject>(),
    DirectReports = new List<DirectoryObject>(),
    Members = new List<DirectoryObject>(),
    MemberOf = new List<DirectoryObject>(),
    Owners = new List<DirectoryObject>(),
    OwnedObjects = new List<DirectoryObject>()
};

// Submit the new application object to the directory.
await client.Applications.AddApplicationAsync(application);

此外,您的 IdentifierUris 不能包含空格,因此我已将其改为硬编码的字符串。

希望对您有所帮助。

于 2016-01-14T05:24:08.140 回答