使用MVC或C#.NET应用程序编辑Azure AD应用程序的requiredResourceAccess

问题描述:

我正在运行 C#应用程序中的 PowerShell 代码,以在Azure AD中注册一个应用程序(在Azure AD中创建一个应用程序).我想为" Power BI Service "和" Windows Azure Active Directory ".

I am running PowerShell code from C# app to register an application in Azure AD (create an application in Azure AD).I want to Add and Grant permissions for "Power BI Service" and "Windows Azure Active Directory" on this registered application.

我发现我们还可以编辑Azure AD应用程序的Manifest并传递requiredResourceAccess数组.这将自动添加并授予该应用程序的权限.

I found that we can also edit the Manifest of Azure AD application and pass requiredResourceAccess array. This will automatically add and grant permission for the application.

请帮助我使用PowerShell命令,这些命令可以使用C#代码或C#代码运行,以编辑应用程序的Manifest ,以便以编程方式向Azure广告应用程序添加授予和权限.

Please help me with PowerShell commands which can be run using C# code or C# code to edit Manifest of application so that add grant and permissions to Azure Ad Application programatically.

请尝试下面的powershell命令,在示例中,它授予Windows Azure Active Directory api和Power BI Service api的某些权限.

Try the powershell command below, in the sample, it grants the some permissions of Windows Azure Active Directory api and Power BI Service api.

$req = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$acc1 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "311a71cc-e848-46a1-bdf8-97ff7156d8e6","Scope"
$acc2 = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "aaff0dfd-0295-48b6-a5cc-9f465bc87928","Role"
$req.ResourceAccess = $acc1,$acc2
$req.ResourceAppId = "00000002-0000-0000-c000-000000000000"

$reqe = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess"
$acc1e = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "ddb3ca45-a192-477d-acb2-46bf9dc586de","Scope"
$acc2e = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" -ArgumentList "28379fa9-8596-4fd9-869e-cb60a93b5d84","Role"
$reqe.ResourceAccess = $acc1e,$acc2e
$reqe.ResourceAppId = "00000009-0000-0000-c000-000000000000"

Set-AzureADApplication -ObjectId <ObjectId> -RequiredResourceAccess @($req,$reqe)