Getting User Details from Azure AD in ASP.NET

Joe Green 146 Reputation points
2023-01-17T14:32:53.06+00:00

In my ASP.NET 4.8 MVC application, I was able to get user authenticated using Azure AD. Now I need to get user details like job title, department, email, etc. From the research I did so far, it looks like MS Graph API is the way to go. Am I correct? Can someone point me to a sample in C# or documentation because all the example I have seen so far are ASP.NET Core. I'm new to MS Graph API and Azure AD feeling little lost.

ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,251 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,454 questions

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shweta Mathur 27,381 Reputation points Microsoft Employee
    2023-01-31T10:32:49.04+00:00

    Hi @Joe Green ,

    The above details you are getting is the access token claims. To request or get user details using Microsoft graph require access token in Azure AD which will authenticate and authorize the user to get the user's details on his behalf.

    There are different authorization providers (authProvider) to get the access token based on the application types.

    To get the access token on user's behalf, we can use authorization provider which will authenticate the user and provide the user's details in the claims as you mentioned above.

    Here the aud claim in token indicates that the token is intended for which audience or resource (in your case that would be https://graph.microsoft.com) and other claims are related to access token.

    To get the user's details, you would require user.Read permissions which you will be able to see in the scope claim of access token.

    Once you will get the access token with correct audience and scope, this needs to pass as bearer token in the authorization header to get the user's details. 

       public static async Task<CachedUser> GetUserDetailsAsync(string accessToken)
        {
            var graphClient = new GraphServiceClient(
                new DelegateAuthenticationProvider(
                    async (requestMessage) =>
                    {
                        requestMessage.Headers.Authorization =
                            new AuthenticationHeaderValue("Bearer", accessToken);
                    }));

            var user = await graphClient.Me.Request()
                .Select(u => new {
                    u.DisplayName,
                    u.Mail,
                    u.UserPrincipalName
                })
                .GetAsync();

    where graphClient.Me is calling https://graph.microsoft.com/v1.0/me endpoint to get the user's details of logged in user.

    User's image

    To get the user's details on behalf of other's user, you need to pass user-id of that user which is the object-id of the added user in your Azure active directory. 

    var user = await graphClient.Users["{user-id}"]
	.Request()
	.Select("displayName,givenName,postalCode,identities")
	.GetAsync();

    User's image

    Hope this will help you.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.
    0 comments
  2. Bruce (SqlWork.com) 55,601 Reputation points
    2023-01-17T18:55:55.8666667+00:00

    you need to cache the access token on authentication. see:

    [https://github.com/microsoftgraph/msgraph-training-aspnetmvcapp

    you want exercise 3.

    0 comments
  3. Givary-MSFT 27,886 Reputation points Microsoft Employee
    2023-01-27T08:02:54.4166667+00:00

    @Joe Green Apologies for the delay in reviewing this post, refer to this example in this article [https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=csharp#:~:text=Use%20%24select%20to%20retrieve%20specific%20properties%20of%20a%20user

    Updated the below code with the required attributes as per your need.

    Let me know if you have any further questions, feel free to post back. 

    GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var user = await graphClient.Users["{user-id}"]
	.Request()
	.Select("displayName,givenName,postalCode,identities")
	.GetAsync();
    0 comments
  4. Joe Green 146 Reputation points
    2023-01-30T13:37:28.88+00:00

    I'm able to log in. What would be authProvider and user-id? I'm able to see these claims but no email

    User's image

    0 comments
  5. Joe Green 146 Reputation points
    2023-02-07T17:03:32.2+00:00

    I'm following this tutorial https://learn.microsoft.com/en-us/training/modules/msgraph-build-aspnetmvc-apps/5-exercise-add-auth

    This tutorial uses Client Secrete but we don't, so we installed self-signed cert in Azure. I have User.Read.All scope. Since I don't have client secrete, how do I change the code in this tutorial to use self-signed cert? I'm using IIS Express on development machine. I've installed the private key on the development machine.

    Getting to user details seems quite the hassle and nothing is straight forward.

    0 comments