How to retrieve a user image from azure ad using microsoft graph in .net .

Question

How to retrieve a user image from azure ad using microsoft graph in .net .

yuvraj khanna 5

For Microsoft graph version 5.56.0 . how to retreive user image file with given email address from microsoft entra Id . I have the single tenant id option selected only .

<PackageReference Include="Microsoft.Graph" Version="5.56.0" />


var scopes = new[] { "User.Read" };
            var tenantId = "xxxxxxxxxxxxxxxxx";
            var clientId = "xxxxxxxxxxxxxxxxx"; 
            var clientSecret = "xxxxxxxxxxxxxxxxxxxx";
            var options = new TokenCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
            };

            var clientSecretCredential = new ClientSecretCredential(
                tenantId, clientId, clientSecret, options);

            var graphClient = new GraphServiceClient(clientSecretCredential, scopes);

            var userEmail = "user@example.com";

            try
            {
               
                var user = await graphClient.Users[userEmail].Request().GetAsync();

               
                if (user != null && !string.IsNullOrEmpty(user.ProfilePictureUrl))
                {
                    Console.WriteLine($"User's Profile Picture URL: {user.ProfilePictureUrl}");
                }
                else
                {
                    Console.WriteLine("User not found or does not have a profile picture.");
                }
            }
            catch (ServiceException ex)
            {
                Console.WriteLine($"An error occurred: {ex.Message}");
            }

Anonymous

2024-06-19T08:22:54.0733333+00:00

Hi @yuvraj khanna , do you want to get the user profile photo? If so, I trust this API shall be the target API. By the way, I want to know that whether you want a user to sign in first then your application could get the profile picture on behalf of the user, or you don't want a user-sign-in ahead, you hope you your application could obtain any user's profile picture based on the user email?
yuvraj khanna 5 Reputation points

2024-06-19T09:01:55.4466667+00:00

'UserItemRequestBuilder' does not contain a definition for 'Request' and no accessible extension method 'Request' accepting a first argument of type 'UserItemRequestBuilder' could be found (are you missing a using directive or an assembly reference?)
This is the error that i am facing . And yes i want the user to sign in first then using signed in user email i want to get profile picture of the user.
Anonymous

2024-06-19T09:11:41.23+00:00

Hi, thanks for your confirmation, the error you faced is due to the differences between SDK v4 and SDK v5, you might see the upgrade release note. And for "want the user to sign in first then using signed in user email i want to get profile picture of the user" -> Could you please help confirm whether you integrated the Azure AD authentication into your application? If not, you might create a new MVC application using VS 2022 template, and choose Microsoft Identity platform as authentication type. Then you will get an MVC application integrating Azure AD. Then let's integrate Graph SDK into the application.

2 answers

Your answer

Anonymous

2024-06-19T08:22:54.0733333+00:00

Hi @yuvraj khanna , do you want to get the user profile photo? If so, I trust this API shall be the target API. By the way, I want to know that whether you want a user to sign in first then your application could get the profile picture on behalf of the user, or you don't want a user-sign-in ahead, you hope you your application could obtain any user's profile picture based on the user email?
yuvraj khanna 5 Reputation points

2024-06-19T09:01:55.4466667+00:00

'UserItemRequestBuilder' does not contain a definition for 'Request' and no accessible extension method 'Request' accepting a first argument of type 'UserItemRequestBuilder' could be found (are you missing a using directive or an assembly reference?)
This is the error that i am facing . And yes i want the user to sign in first then using signed in user email i want to get profile picture of the user.
Anonymous

2024-06-19T09:11:41.23+00:00

Hi, thanks for your confirmation, the error you faced is due to the differences between SDK v4 and SDK v5, you might see the upgrade release note. And for "want the user to sign in first then using signed in user email i want to get profile picture of the user" -> Could you please help confirm whether you integrated the Azure AD authentication into your application? If not, you might create a new MVC application using VS 2022 template, and choose Microsoft Identity platform as authentication type. Then you will get an MVC application integrating Azure AD. Then let's integrate Graph SDK into the application.

Answer 1

Hi @yuvraj khanna , you might try my codes below as I noticed that you are using new ClientSecretCredential. This means you are using client credential flow which requires Application type of API permission. Client credential flow doesn't require a user to sign in first. The codes below allow the application to get profile photo of any user in your tenant base on the user id.

using Microsoft.Graph;
using Azure.Identity;
public async Task<IActionResult> clientAsync() {
    var scopes = new[] { "https://graph.microsoft.com/.default" };
    var tenantId = "tenant_id";
    var clientId = "client_id";
    var clientSecret = "client_Secret";
    var clientSecretCredential = new ClientSecretCredential(
                    tenantId, clientId, clientSecret);
    var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
    var users = await graphClient.Users.GetAsync();
    var photo = await graphClient.Users["user_id/user_principle_name"].Photo.Content.GetAsync();
    return File(photo, "image/jpeg");
}

The error does not contain a definition for 'Request'... you faced is due to you are using codes for SDK v4.X, but you are using V5.56.0.

========================================

Asking user to sign-in first and get his/her profile photo requires the application to integrate Azure AD authentication, then we can use the Graph SDK for .net to call Graph API. We should have codes below in Program.cs

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddMicrosoftGraph(builder.Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

In appsetting.json, my configuration is like this.

"AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "ClientId": "client_id",
  "ClientSecret": "client_secret",
  "Domain": "tenant_id",
  "TenantId": "tenant_id",
  "CallbackPath": "/signin-oidc"
},
"DownstreamApi": {
  "BaseUrl": "https://graph.microsoft.com/v1.0",
  "Scopes": "User.Read.All"
},

Then in the controller, we should inject GraphClient:

private GraphServiceClient _graphServiceClient;
public HomeController(GraphServiceClient graphServiceClient)
{
    _graphServiceClient = graphServiceClient;
}
public async Task<IActionResult> IndexAsync()
{
    var me = await _graphServiceClient.Me.GetAsync();
    var photo = await graphClient.Me.Photo.Content.GetAsync();
    return File(photo, "image/jpeg"); 
}

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Best regards,
Tiny

yuvraj khanna 5 Reputation points

2024-06-19T09:53:51.1966667+00:00

Below code is still not working for getting profile photo of any user in tenant base on the user email . It is throwing the below error on
var users = await graphClient.Users.GetAsync();

{ "Message": "The Request responded with exceptions. Please check and try again.", "ResponseException": { "Details": null, "ExceptionMessage": "Exception of type 'Microsoft.Graph.Models.ODataErrors.ODataError' was thrown.", "IsError": true, "ValidationErrors": [] }, "StatusCode": 500, "Version": "1.0" }

public async Task<IActionResult> Add() { var scopes = new[] { "https://graph.microsoft.com/.default" }; var userEmail = "***"; // user email exists . var clientId = "***"; var tenantId = "**"; var clientSecret = "**"; // client secret value var clientSecretCredential = new ClientSecretCredential( tenantId, clientId, clientSecret); var graphClient = new GraphServiceClient(clientSecretCredential, scopes); try { var users = await graphClient.Users.GetAsync(); var photo = await graphClient.Users[userEmail].Photo.Content.GetAsync(); if (photo != null) { return this.Ok(this.File(photo, "image/jpeg")); } } catch (ServiceException ex) { Console.WriteLine($"An error occurred: {ex.Message}"); } return this.NotFound("No image assigned."); }
Anonymous

2024-06-19T10:41:17.25+00:00

I want to double confirm with you that whether the exception was occurred in line var users = await graphClient.Users.GetAsync(); or in await graphClient.Users[userEmail].Photo.Content.GetAsync() ? If the exception was thrown from graphClient.Users.GetAsync(), then let's make sure we already grant Application type of API permission. It's Application type, and we must grant admin consent. In Azure portal -> Azure Entra ID -> App registrations -> The application you used -> Api permissions -> Add a permission -> Microsoft Graph -> Application -> Search for User.Read.All -> click it and add permission -> Grant Admin consent for xx tenant.

If the exception was thrown by the next line, could you please help try to use the user object id instead of user email address? I test with personal account and I found that my codes worked well when I used user Id, but I got exception when I used the user principal name, although the API document showed that user principal name should be supported. User principal name looks like ******@tenantname.onmicrosoft.com which is not the email address.

In the meantime, please make sure the user has a profile photo. In my test, I didn't give a profile photo to a user and I got exception too.
Anonymous

2024-06-20T10:30:48.3733333+00:00

Hi @yuvraj khanna , could you please let me know whether you have any issue on the codes?

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

1 deleted comment

Comments have been turned off. Learn more

Share via

How to retrieve a user image from azure ad using microsoft graph in .net .

2 answers

Your answer