A ServicePrincipal, created with Microsoft Graph Service Client, won't show up as an 'Enterprise Application' in AAD. What am I missing?

huangapple go评论73阅读模式
英文:

A ServicePrincipal, created with Microsoft Graph Service Client, won't show up as an 'Enterprise Application' in AAD. What am I missing?

问题

I'll provide the translation for the code you provided:

我正在尝试从代码中创建我的应用程序注册(Application)和企业应用程序(ServicePrincipal)。但是,虽然服务主体已创建,但当我转到AAD管理中心的“企业应用程序”时,它并没有显示。

以下是我用于创建应用程序和服务主体的代码。
我已向应用程序添加了User.Read权限,因为我找到的建议说,除非应用程序具有权限,否则ServicePrincipal不会显示为企业应用程序。

我已将ServicePrincipalType设置为“Application”,根据[文档](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object) ,这似乎是正确的类型。我已验证在“企业应用程序”中显示的ServicePrincipal的类型设置为Application。

Please note that I've translated the code portion and not the non-code parts as per your request. If you need further assistance with this code or have any questions, feel free to ask.

英文:

I'm trying to create my app registration (Application) and enterprise application (ServicePrincipal) from code. But, though the service principal is created, it does not show when I go to Enterprise Applications in de AAD admin center.

Below is the code that I use to create the application and service principal.
I have added the User.Read permission to the application as I found suggestions that said a ServicePrincipal would not show as a Enterprise Application unless the application had a permission.

I have set the ServicePrincipalType to Application as, according to the documentation, that seems to be the correct type. I have verified that the type of a ServicePrincipal that does show up in 'Enterprise Applications' is set to Application.

var microsoftGraphAppId = "00000003-0000-0000-c000-000000000000";

var microsoftGraphServicePrinciple = _graphClient.ServicePrincipals.Request().Filter($"appId eq '{microsoftGraphAppId}'").GetAsync().Result.First();

var user_read_id = microsoftGraphServicePrinciple.Oauth2PermissionScopes.First(p => p.Value == "User.Read").Id;

var newApplication = new Application
{
    DisplayName = $"TestApp - {DateTime.Now.ToShortTimeString()}",
    SignInAudience = "AzureADMyOrg",
    RequiredResourceAccess = new List<RequiredResourceAccess>
    {
        new RequiredResourceAccess
        {
            ResourceAppId = microsoftGraphAppId,
            ResourceAccess = new List<ResourceAccess>
            {
                new ResourceAccess
                {
                    Id = user_read_id,
                    Type = "Scope"
                }
            }
        }
    },
};
var application = _graphClient.Applications.Request().AddAsync(newApplication).Result;

var newServicePrincipal = new ServicePrincipal
{
    AppId = application.AppId,
    ServicePrincipalType = "Application",
};
var servicePrincipal = _graphClient.ServicePrincipals.Request().AddAsync(newServicePrincipal).Result;

答案1

得分: 2

You need to add a tag with value WindowsAzureActiveDirectoryIntegratedApp according to this documentation

So your code should be (please correct the syntax for tags as needed. I haven't tried it in VS)

var newServicePrincipal = new ServicePrincipal
{
    AppId = application.AppId,
    ServicePrincipalType = "Application",
    Tags = new [] {"WindowsAzureActiveDirectoryIntegratedApp"}
};
英文:

You need to add a tag with value WindowsAzureActiveDirectoryIntegratedApp according to this documentation

So your code should be (please correct the syntax for tags as needed. I haven't tried it in VS)

var newServicePrincipal = new ServicePrincipal
{
    AppId = application.AppId,
    ServicePrincipalType = "Application",
	Tags = new [] {"WindowsAzureActiveDirectoryIntegratedApp"}
};

huangapple
  • 本文由 发表于 2023年4月6日 21:24:13
  • 转载请务必保留本文链接:https://go.coder-hub.com/75950056.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定