我正在尝试使用 Azure Active Directory Graph API(带有 Azure GraphClient nuget 包)在 Azure AD 中创建一个新应用程序.
I'm trying to use the Azure Active Directory Graph API (with the Azure GraphClient nuget package) to create a new application in Azure AD.
我已经使用现有的 AAD 应用程序进行了身份验证,因此我对目录具有写入权限.
I've authenticated using an existing AAD application, so I have write access to the directory.
但是,当创建新的应用程序对象时,Azure Graph API 会返回此错误:
However, when creating the new application object the Azure Graph API returns this error:
{"odata.error": {
"message": {
"value":"Property value cannot have duplicate id or claim values."
它没有说明哪个属性具有重复的 id 或声明值 - 错误消息中有两个空格,就好像名称丢失一样.
It doesn't say which property has a duplicate id or claim value - there are two spaces in the error message as if the name is missing.
The code which creates the Application object is this:
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
AvailableToOtherTenants = false,
DisplayName = appname,
ErrorUrl = null,
GroupMembershipClaims = null,
Homepage = "http://www.domain.com",
IdentifierUris = new List<string>() {{"https://domain.com/"+ appname } },
KeyCredentials = new List<KeyCredential>(),
KnownClientApplications = new List<Guid>(),
LogoutUrl = null,
Oauth2AllowImplicitFlow = false,
Oauth2AllowUrlPathMatching = false,
Oauth2Permissions = new List<OAuth2Permission>()
new OAuth2Permission()
AdminConsentDescription =
$"Allow the application to access {appname} on behalf of the signed-in user.",
AdminConsentDisplayName = $"Access {appname}",
Id = Guid.NewGuid(),
IsEnabled = true,
Type = "User",
UserConsentDescription =
$"Allow the application to access {appname} on your behalf.",
UserConsentDisplayName = $"Access {appname}",
Value = "user_impersonation"
Oauth2RequirePostResponse = false,
PasswordCredentials = new List<PasswordCredential>(),
PublicClient = false,
ReplyUrls = new List<string>(),
RequiredResourceAccess = new List<RequiredResourceAccess>(),
SamlMetadataUrl = null,
ExtensionProperties = new List<ExtensionProperty>(),
Manager = null,
ObjectType = "Application",
DeletionTimestamp = null,
CreatedOnBehalfOf = null,
CreatedObjects = new List<DirectoryObject>(),
DirectReports = new List<DirectoryObject>(),
Members = new List<DirectoryObject>(),
MemberOf = new List<DirectoryObject>(),
Owners = new List<DirectoryObject>(),
OwnedObjects = new List<DirectoryObject>()
await client.Applications.AddApplicationAsync(application);
Am I missing a property? There doesn't seem to be any non-unique properties, and the application is created with a unique name.
) 已经定义了.
The error message is indeed very confusing, but the problem is that you are trying to define a scope value (user_impersonation
) that is already defined.
If you run this code, you'll find that the application is created successfully in your directory:
var appname = "Test Application create " + DateTime.Now.Ticks;
var application = new Application()
AvailableToOtherTenants = false,
DisplayName = appname,
ErrorUrl = null,
GroupMembershipClaims = null,
Homepage = "http://www.domain.com",
IdentifierUris = new List<string>() {{"https://domain.com/"+ "Test" } },// CHANGED LINE
KeyCredentials = new List<KeyCredential>(),
KnownClientApplications = new List<Guid>(),
LogoutUrl = null,
Oauth2AllowImplicitFlow = false,
Oauth2AllowUrlPathMatching = false,
Oauth2Permissions = new List<OAuth2Permission>()
new OAuth2Permission()
AdminConsentDescription =
$"Allow the application to access {appname} on behalf of the signed-in user.",
AdminConsentDisplayName = $"Access {appname}",
Id = Guid.NewGuid(),
IsEnabled = true,
Type = "User",
UserConsentDescription =
$"Allow the application to access {appname} on your behalf.",
UserConsentDisplayName = $"Access {appname}",
Value = "custom_scope" // CHANGED LINE
Oauth2RequirePostResponse = false,
PasswordCredentials = new List<PasswordCredential>(),
PublicClient = false,
ReplyUrls = new List<string>(),
RequiredResourceAccess = new List<RequiredResourceAccess>(),
SamlMetadataUrl = null,
ExtensionProperties = new List<ExtensionProperty>(),
Manager = null,
ObjectType = "Application",
DeletionTimestamp = null,
CreatedOnBehalfOf = null,
CreatedObjects = new List<DirectoryObject>(),
DirectReports = new List<DirectoryObject>(),
Members = new List<DirectoryObject>(),
MemberOf = new List<DirectoryObject>(),
Owners = new List<DirectoryObject>(),
OwnedObjects = new List<DirectoryObject>()
await client.Applications.AddApplicationAsync(application);
另外,您的 IdentifierUris
Also, your IdentifierUris
cannot contain spaces, so I've changed it to a hardcoded string.
这篇关于使用图形 API 在 Azure Active Directory 中创建应用程序失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!