MSAL AUTHENTICATION GIVES DIFFERENT ID

Giorgio Sfiligoi 391 Reputation points
2025-03-27T09:38:37.8066667+00:00

Playing in Graph Explorer with my MS account I get the following information:

User Principal Name: ******@hotmail.com
Id: dd81....
DisplayName: Giorgio Sfiligoi
Preferred Language: it-IT
email: ******@hotmail.com

Running the old sample (for desktop) 'OneDriveApiBrowser' reports the same Id.

Then I tried the samples in https://github.com/Azure-Samples/ms-identity-dotnetcore-maui/tree/main in .NET 9.0.

I added a page that provides status information:

    protected override async void OnAppearing()
    {
        base.OnAppearing();
        try
        {
            // Query Microsoft Graph for the signed-in user via the sample's helper.
            var user = await PublicClientSingleton.Instance.MSGraphHelper.GetMeAsync();
            if (user == null) await Shell.Current.DisplayAlert("Error", "Cannot find GraphUser", "OK");
            else
            {
                StringBuilder sb = new StringBuilder();
                sb.Append("Name : "); sb.AppendLine(user.DisplayName);
                sb.Append("Id : "); sb.AppendLine(user.Id);
                sb.Append("email : "); sb.AppendLine(user.Mail);
                sb.Append("Preferred language : "); sb.AppendLine(user.PreferredLanguage);
                // --------
                if (user.Drive == null) sb.AppendLine("DRIVE NULL"); else sb.AppendLine("DRIVE OK");
                if (user.Drives == null) sb.AppendLine("DRIVES NULL"); else sb.AppendLine("DRIVES OK");
                if (user.PermissionGrants == null) sb.AppendLine("PERMISSION GRANTS NULL"); else sb.AppendLine("PERMISSION GRANTS OK");
                result.Text = sb.ToString();
            }
        }
        catch (MsalUiRequiredException ex)
        {
            // Interactive sign-in is required again: report it, sign out and navigate back.
            await Shell.Current.DisplayAlert("EXCEPTION", ex.Message, "OK");
            await PublicClientSingleton.Instance.SignOutAsync();
            await Shell.Current.GoToAsync("..");
        }
    }

'result' is the x:Name of an Editor item in the page.

This reports:

DisplayName : Giorgio Sfiligoi
Id : ac34....
email :
Preferred language :
DRIVE NULL
DRIVES NULL
PERMISSION GRANTS NULL

Notice that the ID is different, and the fields 'email' and 'Preferred language' remain empty.

This "new" ID shows the same DisplayName, but I think that actually it points to a different user.

Can anybody clarify this discrepancy?

Microsoft Security | Microsoft Graph

1 answer

  1. CarlZhao-MSFT 46,376 Reputation points
    2025-03-28T09:21:29.5766667+00:00

    Hi @Giorgio Sfiligoi

    "Id: ac34.... " should be the ID of the guest user. Did you add your personal account as a guest to the tenant? This ID is assigned to the personal account as a guest in the tenant.

    And "Id: dd81.... " is the ID of your personal account, because you logged in to Graph Explorer as a personal user.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
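
To check which of the two cases in the answer above applies to a given sign-in, the `tid`, `oid` and `idp` claims of the token can be compared. This is an added example, not code from the thread or from the MAUI sample; the class and method names are hypothetical, the two tokens are constructed and unsigned, and the classification relies on the documented Microsoft identity platform behaviour that personal accounts are issued tokens by tenant `9188040d-6c67-4c5b-b112-36a304b66dad` and appear with `idp` set to `live.com` (or a URI containing that tenant) when used as a guest.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TokenTenantCheck
{
    // Well-known tenant ID that issues tokens for personal Microsoft accounts.
    const string ConsumerTenant = "9188040d-6c67-4c5b-b112-36a304b66dad";

    // Decode the payload segment of a compact JWT. Inspection only: no signature check.
    static JsonElement Payload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using var doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    static string Claim(JsonElement p, string name) =>
        p.TryGetProperty(name, out var v) && v.ValueKind == JsonValueKind.String ? v.GetString() ?? "" : "";

    // Report the issuing tenant, the object ID in that tenant, and the kind of account.
    public static string Describe(string jwt)
    {
        JsonElement p = Payload(jwt);
        string tid = Claim(p, "tid"), oid = Claim(p, "oid"), idp = Claim(p, "idp");
        bool consumer = tid.Equals(ConsumerTenant, StringComparison.OrdinalIgnoreCase);
        bool external = idp == "live.com" || idp.Contains(ConsumerTenant, StringComparison.OrdinalIgnoreCase);
        string kind = consumer ? "personal account in the consumers tenant"
                    : external ? "personal account as guest in an organizational tenant"
                    : "account in an organizational tenant";
        return $"tid={tid} oid={oid} -> {kind}";
    }

    // Build an unsigned sample token from a JSON payload (constructed test data).
    static string Fake(string json) =>
        "e30." + Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
                        .TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";

    static void Main()
    {
        Console.WriteLine(Describe(Fake($"{{\"tid\":\"{ConsumerTenant}\",\"oid\":\"00000000-0000-0000-0000-0000000000aa\"}}")));
        Console.WriteLine(Describe(Fake("{\"tid\":\"11111111-1111-1111-1111-111111111111\",\"oid\":\"00000000-0000-0000-0000-0000000000bb\",\"idp\":\"live.com\"}")));
    }
}
```

With MSAL.NET, the string to inspect is the `IdToken` of the `AuthenticationResult`; its `TenantId` and `UniqueId` properties expose the same tenant and object ID without manual decoding.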

