Add role to already created application using Azure AD Graph API in C#












0














How do I add roles to an application that is already created on Azure AD using the Azure AD Graph API in C#?

I create the role like this in C#:

    // Guid.NewGuid() generates a unique id; new Guid() would yield the all-zero GUID.
    Guid _id = Guid.NewGuid();

    AppRole appRole = new AppRole
    {
        // _AllowedMemberTypes is a list of member types defined elsewhere.
        AllowedMemberTypes = _AllowedMemberTypes,
        Description = "Admins can manage roles and perform all actions.",
        DisplayName = "Global Admin",
        Id = _id,
        IsEnabled = true,
        Value = "Admin"
    };

What call will be used to add this new role to the application using the Azure AD Graph API?










      c# azure azure-active-directory azure-ad-graph-api














      edited Nov 23 '18 at 11:19

























      asked Nov 23 '18 at 7:35









      umer

























          2 Answers








                2






Finally I was able to create a new role on Azure using the Azure AD Graph API.

1) Create a Role:

    // Requires: System, System.Collections.Generic, System.Linq,
    // Microsoft.Azure.ActiveDirectory.GraphClient and
    // Microsoft.Azure.ActiveDirectory.GraphClient.Extensions.
    Guid _id = Guid.NewGuid();
    List<string> _AllowedMemberTypes = new List<string> {
        "User"
    };
    AppRole appRole = new AppRole
    {
        AllowedMemberTypes = _AllowedMemberTypes,
        Description = "Admins can manage roles and perform all actions.",
        DisplayName = "Global Admin",
        Id = _id,
        IsEnabled = true,
        Value = "Admin"
    };

2) Get the Application in which the role needs to be created:

    // Look the application up by its client (application) id.
    IPagedCollection<IApplication> pagedCollection = await activeDirectoryClient.Applications.Where(x => x.AppId == AppclientId).ExecuteAsync();
    // FirstOrDefault() returns null when no application matches AppclientId.
    var appObject = pagedCollection.CurrentPage.ToList().FirstOrDefault();

3) Add the Role to the Application and Update the Application:

    // Append the role to the application's role list and persist the change.
    appObject.AppRoles.Add(appRole);
    await appObject.UpdateAsync();















                answered Nov 26 '18 at 6:44









                umer
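
A guarded version of the three steps in the answer above, as an added example that is not part of the original answer: it rejects an all-zero Id (what `new Guid()` in the question produces), checks AllowedMemberTypes, handles a missing application, and skips the update when a role with the same Value already exists. `AppRoleHelper` and `EnsureAppRoleAsync` are hypothetical names; the Graph client calls are the ones used in the answer.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;

// Added example; AppRoleHelper and EnsureAppRoleAsync are hypothetical names.
public static class AppRoleHelper
{
    // Member types an app role can be assigned to.
    private static readonly HashSet<string> ValidMemberTypes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "User", "Application" };

    // Returns true if the role was added, false if a role with the same
    // Value was already defined on the application (nothing is changed then).
    public static async Task<bool> EnsureAppRoleAsync(
        ActiveDirectoryClient client, string appClientId, AppRole role)
    {
        if (client == null) throw new ArgumentNullException(nameof(client));
        if (role == null) throw new ArgumentNullException(nameof(role));

        // new Guid() yields Guid.Empty; a role needs a unique, non-zero id.
        if (role.Id == Guid.Empty)
            throw new ArgumentException("AppRole.Id is empty; use Guid.NewGuid().", nameof(role));

        if (string.IsNullOrWhiteSpace(role.Value))
            throw new ArgumentException("AppRole.Value must be set.", nameof(role));

        // The role must state who may hold it, using known member types only.
        if (role.AllowedMemberTypes == null || !role.AllowedMemberTypes.Any()
            || role.AllowedMemberTypes.Any(t => !ValidMemberTypes.Contains(t)))
            throw new ArgumentException(
                "AllowedMemberTypes must contain \"User\" and/or \"Application\".", nameof(role));

        // Same lookup as in the answer: find the application by its client id.
        var page = await client.Applications
            .Where(a => a.AppId == appClientId)
            .ExecuteAsync();
        var app = page.CurrentPage.FirstOrDefault();
        if (app == null)
            throw new InvalidOperationException(
                "No application with AppId " + appClientId + " was found in this tenant.");

        // An id collision with a different role is a caller error.
        if (app.AppRoles.Any(r => r.Id == role.Id))
            throw new InvalidOperationException("A role with this Id already exists.");

        // Same Value already defined: treat the call as a no-op so that
        // re-running a provisioning script does not create duplicates.
        if (app.AppRoles.Any(r => string.Equals(r.Value, role.Value, StringComparison.Ordinal)))
            return false;

        app.AppRoles.Add(role);
        await app.UpdateAsync();
        return true;
    }
}
```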


































                    0






You could refer to the code below to assign an application role.

1. Get access token

    // Requires: System.Threading.Tasks and Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL).
    private static async Task<string> GetAppTokenAsync(string graphResourceId, string tenantId, string clientId, string secretKey)
    {
        string aadInstance = "https://login.microsoftonline.com/" + tenantId + "/oauth2/token";
        AuthenticationContext authenticationContext = new AuthenticationContext(aadInstance, false);
        // Client-credentials flow: authenticate with the app's id and secret
        // (the original passed an undefined userId here instead of secretKey).
        var result = await authenticationContext.AcquireTokenAsync(graphResourceId,
            new ClientCredential(clientId, secretKey));
        return result.AccessToken;
    }

2. Init the graph client.

    // Placeholder values; supply your own tenant id, client id and secret.
    var graphResourceId = "https://graph.windows.net";
    var tenantId = "tenantId";
    var clientId = "client Id";
    var secretKey = "secret key";
    var servicePointUri = new Uri(graphResourceId);
    var serviceRoot = new Uri(servicePointUri, tenantId);
    var activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await GetAppTokenAsync(graphResourceId, tenantId, clientId, secretKey));

3. Create role

    AppRole appRole = new AppRole
    {
        Id = Guid.NewGuid(),
        IsEnabled = true,
        Description = "Admins can manage roles and perform all actions.",
        DisplayName = "Global Admin",
        Value = "Admin"
    };

4. Add role assignments

    // "userobjectId" is a placeholder for the object id of the user to assign.
    User user = (User) activeDirectoryClient.Users.GetByObjectId("userobjectId").ExecuteAsync().Result;
    AppRoleAssignment appRoleAssignment = new AppRoleAssignment
    {
        Id = appRole.Id,
        // newServicePrincpal is not defined in this answer.
        ResourceId = Guid.Parse(newServicePrincpal.ObjectId),
        PrincipalType = "User",
        PrincipalId = Guid.Parse(user.ObjectId),
    };
    user.AppRoleAssignments.Add(appRoleAssignment);
    user.UpdateAsync().Wait();















                    answered Nov 23 '18 at 10:02









                    Joey Cai













• @joey_cai The AppRoleAssignments method is used to assign an already created role to a user. But I want to create a new role in an Azure application using the Azure AD Graph API in C#.
  – umer
  Nov 23 '18 at 11:22

















