Call the Microsoft GraphApi from the .net application and get the user details based on the email address

Question

Hi,

I have a below requirement.

I need to call the microsoft GraphApi from the .net application and get the user details based on the email address he/she types in the textbox.

In Azure portal - i have enabled (Any Microsoft Entra ID tenant - Multitenant) option. i.e anyone from their personal Microsoft accounts can access the application.

Note: I need to access the users not only in organizational directory but i need fetch details about the personal Microsoft accounts.

For eg: lets assume i have addded 1 user (******@yahoo.com) and given (User.Read & User.Read.All) permission has been provided.

when i tried to access it from my .net application using graph api. it is working perfectly.

But my requirement is i pass personal microsoft email address (eg: ******@aol.com) also, it should work. But currently its not working with personal microsoft email address.

Please help me with the same. Below is my code:

var app = ConfidentialClientApplicationBuilder
.Create(ConfigurationManager.AppSettings["ida:ClientId"])
 .WithClientSecret("youClientSecret") //replace with your client secret
 .WithAuthority(new Uri(ConfigurationManager.AppSettings["ida:Instance"] + ConfigurationManager.AppSettings["ida:TenantId"]))
 .Build();
```var result = await app.AcquireTokenForClient(new[] { "https://graph.microsoft.com/.default" }).ExecuteAsync();
var token = result.AccessToken;
//userEmail = "******@yahoo.com";
 userEmail = "******@aol.com";
string graphApiUrl = $"https://graph.microsoft.com/v1.0/users?$filter=mail eq '{userEmail}'&$select=id,displayName,userPrincipalName,signInType";
using (var client = new HttpClient())
{

string accessToken = token;
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
HttpResponseMessage response = await client.GetAsync(graphApiUrl);
if (response.IsSuccessStatusCode)
{
    string content = await response.Content.ReadAsStringAsync();
    // Parse the JSON response to get the signInType property
    // For example, using Newtonsoft.Json:
    dynamic users = Newtonsoft.Json.JsonConvert.DeserializeObject(content);
    foreach (var user in users.value)
    {
        string signInType = user.signInType;
        if (signInType == "microsoftAccount")
        {
            Console.WriteLine("User is linked to a Microsoft account.");
        }
        else
        {
            Console.WriteLine("User is not linked to a Microsoft account.");
        }
    }
}
else
{
    Console.WriteLine($"Failed to call the API. Status code: {response.StatusCode}");
}
}

Answer 1

Hi @pk ,

Thanks for reaching out.

You need to register your application "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" to allow authentication from personal accounts.

Reference - https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types

Hope this will help.

Thanks,

Shweta

Please remember to "Accept Answer" if answer helped you.

Answer 2

Hi Swetha,

Thanks for the response. I have tried the same but its not working with microsoft graph Api. Its only working when we make user to enter his/her credentials in the microsoft login window and user accepts it.

But if we directly access the personal microsoft login through GraphiApi its not working.

Thanks,

Prasanth