为什么图形 API 不能正确提供 AAD 用户的最后活动情况

huangapple go评论79阅读模式
英文:

Why Graph API not providing AAD users last activity correctly

问题

我使用Graph API来获取AAD用户列表。为了查找最新的登录日期,我正在利用从Graph API获取的AdditionalData字典结果。但是我得到的数据不完整。对于同一个用户,有时我会得到结果,有时不会,而且有时即使是过去的日期,最后的登录日期也会更改。

示例:
 
我调用这个方法,对于用户X,我得到2022年12月1日作为最后登录日期,但第二天如果我再次检查,对于同一个用户X,它显示2023年2月2日,考虑到这两个日期都是过去的日期。

我没有门户访问权限来验证,所以我有点困惑。在这个过程中,我是否做错了什么?

注意:我正在使用Beta Graph API URL。

英文:

I'm using Graph api to fetch AAD users list

        internal static async Task<List<Users>> GetUsers()
        {
            List<Users> uList = new List<Users>();
            try
            {
                IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
               .Create(AppId)
               .WithTenantId(TenantId)
               .WithClientSecret(ClientSecret)
               .Build();

                ClientCredentialProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);

                GraphServiceClient graphClient = new GraphServiceClient(authProvider);
                graphClient.BaseUrl = Constant.BaseUrl;

                var result = await graphClient.Users
                    .Request()
                    .Select("Id,Mail,signInActivity")
                    .GetAsync();
                while (true)
                {
                    foreach (var item in result.CurrentPage)
                    {
                        var user = new Users
                        {
                            Id = item.Id,
                            EmailId = item.Mail,                            
                            AdditionalData = item.AdditionalData,
                            User = item
                        };
                        var lastActivityDictonery = item.AdditionalData;
                        var arr = ToStringArray(lastActivityDictonery["signInActivity"]);

                        var parsedJson = JObject.Parse(arr[0]);
                        var lastSignInDateTime = Convert.ToString(parsedJson["lastSignInDateTime"]);
                        var lastNonInteractiveSignInDateTime = Convert.ToString(parsedJson["lastNonInteractiveSignInDateTime"]);
                        user.LastLoginDate = lastSignInDateTime;
                        user.lastNonInteractiveLogInDate = lastNonInteractiveSignInDateTime;
                        
                        uList.Add(user);
                    }

                    if (result.NextPageRequest is null)
                        break;

                    result = await result
                      .NextPageRequest
                      .GetAsync()
                      .ConfigureAwait(false);
                }
            }
            catch (Exception ex)
            {
                log.LogError(ex.ToString());
            }

            return _userList;
        }

        static string[] ToStringArray(object arg)
        {
            var collection = arg as System.Collections.IEnumerable;
            if (collection != null)
            {
                return collection
                  .Cast<object>()
                  .Select(x => x.ToString())
                  .ToArray();
            }

            if (arg == null)
            {
                return new string[] { };
            }

            return new string[] { arg.ToString() };
        }


To find the latest sign-in date, I'm utilizing AdditionalData dictionary results that I obtained from a graph API. But data I'm getting not complete. For the same user sometime, I get results and sometime not and sometimes last login date also get change even if its past date.

Example:
 
I call this method and for X user I got 1st Dec 2022 as last signin date but then next day if I do check again then for same X user it shows 2nd Feb 2023 consider both are past date.

I don't have portal access to verify it so I'm bit confused. Am I doing something wrong in this process?

> Note: I'm using Beta graph API URL

答案1

得分: 2

根据您的描述,恐怕用户属性中的signInActivity是您应该使用以获取最后一次登录时间的内容。

请注意,这需要AuditLog.Read.All权限和Azure AD Premium P1/P2许可证

顺便说一下,我没有找到任何关于AdditionalData包含用户登录信息的文件。因此,我认为这不是获取此属性中的登录信息的好方法。

英文:

Accourding to your description, I'm afraid signInActivity in user property is what you should use to get the last sign in time.

Please note AuditLog.Read.All permission and Azure AD Premium P1/P2 license is necessary for this property.

By the way, I didn't find a document which explain or mention AdditionalData containing user sign in information. So I don't think it can be a good way to get sign in information in this property.

为什么图形 API 不能正确提供 AAD 用户的最后活动情况

答案2

得分: 1

你可以像这样获得JSON数据。

await graphClient.Users.Request().Select("id,displayName,companyName,mail,mobilePhone,userType,createdDateTime,Guest,signInActivity").GetAsync();

然后,如果你有权限,你应该在AdditionalData中获取它。

英文:

you can get it as json if you do like this.

await graphClient.Users.Request().Select("id,displayName,companyName,mail,mobilePhone,userType,createdDateTime,Guest,signInActivity").GetAsync();

Then you should get it in AdditionalData if you have premission

huangapple
  • 本文由 发表于 2023年4月10日 21:11:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/75977440.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定