Tags: c#, asp.net-core, azure-active-directory, microsoft-graph-api, azure-app-registration

How do I add an Azure app registration App role using Dotnet Core?


Hi, I have to add an AppRole to an existing App Registration. This is how I've added the App and assigned one role along with that:

using System;
using System.Collections.Generic;
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;

var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "-Confidential-";
var clientId = "-Confidential-";
var clientSecret = "-Confidential-";

var options = new TokenCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);

var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

AppRole appRole = new AppRole()
{
    DisplayName = "External API",
    Description = "Allow the application to access External Resources",
    AllowedMemberTypes = new List<string>() { "Application" },
    Value = "Resource.External",
    IsEnabled = true,
    // Guid.NewGuid() gives a unique role id; new Guid() would be the all-zero Guid
    Id = Guid.NewGuid()
};

var requestBody = new Application
{
    DisplayName = "App_One",
    AppRoles = new List<AppRole>() { appRole },
    RequiredResourceAccess = new List<RequiredResourceAccess>()
    {
        new RequiredResourceAccess
        {
            ResourceAppId = "-Confidential-",
            ResourceAccess = new List<ResourceAccess>()
            {
                new ResourceAccess
                {
                    // API permission: user_impersonation
                    Id = Guid.Parse("Confidential-ba31-4d61-89e7-Confidential"),
                    Type = "Scope"
                }
            }
        }
    }
};

// POST creates a new application object every time it is called
var result = await graphClient.Applications.PostAsync(requestBody);

But now I have to add another appRole to it.

I have tried using the same App Name and the same PostAsync method to update, but ended up creating a new App in App Registrations.

Can anyone please help me with how I can add the role through my code?


Solution

  • Documentation: https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=csharp#example

    Example from docs:

    // Code snippets are only available for the latest version. Current version is 5.x
    
    var graphClient = new GraphServiceClient(requestAdapter);
    
    var requestBody = new Application
    {
        DisplayName = "New display name",
    };
    var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);
    

    Basically, you run a PATCH request against the existing application object. You will need the created Application's object ID (Id in the SDK).
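    Putting the answer together with the asker's situation, here is an added example (not code from the question, the answer, or Microsoft's docs) that looks up the existing registration by its appId, appends a second role and PATCHes the appRoles collection with Microsoft.Graph SDK 5.x. The tenant, client, secret and appId values are placeholders, and the new role value "Resource.ExternalRead" is constructed for the example.

    ```csharp
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using Azure.Identity;
    using Microsoft.Graph;
    using Microsoft.Graph.Models;

    // Placeholders: same kind of credentials the question builds its client from.
    var credential = new ClientSecretCredential("<tenant-id>", "<client-id>", "<client-secret>");
    var graphClient = new GraphServiceClient(credential, new[] { "https://graph.microsoft.com/.default" });

    // Resolve the registration by appId (the client id), which is unique and stable;
    // display names are not unique, which is how a second "App_One" could be created.
    // PATCH needs the object id (Application.Id), not the appId.
    const string targetAppId = "<app-id-of-App_One>"; // placeholder
    var page = await graphClient.Applications.GetAsync(cfg =>
    {
        cfg.QueryParameters.Filter = $"appId eq '{targetAppId}'";
        cfg.QueryParameters.Select = new[] { "id", "displayName", "appRoles" };
    });
    var app = page?.Value?.SingleOrDefault()
              ?? throw new InvalidOperationException("Application not found");

    // PATCHing appRoles replaces the whole collection, so start from the roles already
    // on the object and append; sending only the new role would drop the existing ones.
    // (Removing a role later requires PATCHing it with IsEnabled = false first.)
    var roles = app.AppRoles ?? new List<AppRole>();
    const string newValue = "Resource.ExternalRead"; // constructed value for the example
    if (roles.Any(r => string.Equals(r.Value, newValue, StringComparison.OrdinalIgnoreCase)))
    {
        Console.WriteLine($"Role '{newValue}' already present, nothing to do.");
        return;
    }
    roles.Add(new AppRole
    {
        Id = Guid.NewGuid(),   // Guid.NewGuid(), not new Guid(), which is all zeros
        DisplayName = "External API Read",
        Description = "Allow the application to read External Resources",
        AllowedMemberTypes = new List<string> { "Application" },
        Value = newValue,
        IsEnabled = true,
    });

    // Only appRoles is sent, so other properties of the registration are left untouched.
    await graphClient.Applications[app.Id].PatchAsync(new Application { AppRoles = roles });
    Console.WriteLine($"Updated {app.DisplayName} ({app.Id}); now {roles.Count} app roles.");
    ```

    The calling identity needs Application.ReadWrite.OwnedBy (if it owns the registration) or Application.ReadWrite.All for the PATCH to succeed.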