Getting User Details from Azure AD in ASP.NET

Joe Green 141 Reputation points

In my ASP.NET 4.8 MVC application, I was able to get the user authenticated using Azure AD. Now I need to get user details like job title, department, email, etc. From the research I did so far, it looks like MS Graph API is the way to go. Am I correct? Can someone point me to a sample in C# or documentation, because all the examples I have seen so far are ASP.NET Core? I'm new to MS Graph API and Azure AD and feeling a little lost.


5 answers

  1. Shweta Mathur 25,296 Reputation points Microsoft Employee

    Hi @Joe Green ,

    The details you are getting above are the access token claims. Requesting user details using Microsoft Graph requires an access token from Azure AD, which will authenticate and authorize the user to get the user's details on his behalf.

    There are different authorization providers (authProvider) to get the access token based on the application types.

    To get the access token on the user's behalf, we can use an authorization provider which will authenticate the user and provide the user's details in the claims as you mentioned above.

    Here the aud claim in the token indicates which audience or resource the token is intended for (in your case that would be and other claims are related to the access token.

    To get the user's details, you would require the User.Read permission, which you will be able to see in the scope claim of the access token.

    Once you get the access token with the correct audience and scope, it needs to be passed as a bearer token in the Authorization header to get the user's details.

       public static async Task<CachedUser> GetUserDetailsAsync(string accessToken)
       {
           var graphClient = new GraphServiceClient(
               new DelegateAuthenticationProvider(
                   async (requestMessage) =>
                   {
                       // Send the access token as a bearer token on every Graph request.
                       requestMessage.Headers.Authorization =
                           new AuthenticationHeaderValue("Bearer", accessToken);
                   }));

           var user = await graphClient.Me.Request()
               .Select(u => new {

    where graphClient.Me is calling the endpoint to get the details of the logged-in user.


    To get the user's details for another user, you need to pass the user-id of that user, which is the object-id of the user added in your Azure Active Directory.

    var user = await graphClient.Users["{user-id}"]
        .Request()
        .GetAsync();


    Hope this will help you.



    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.

  2. Bruce ( 52,311 Reputation points

    You need to cache the access token on authentication. See:


    You want exercise 3.


  3. Givary-MSFT 24,971 Reputation points Microsoft Employee

    @Joe Green Apologies for the delay in reviewing this post, refer to this example in this article [

    Updated the below code with the required attributes as per your need.

    Let me know if you have any further questions, feel free to post back.

    GraphServiceClient graphClient = new GraphServiceClient( authProvider );
    var user = await graphClient.Users["{user-id}"]
        .Request()
        .GetAsync();

  4. Joe Green 141 Reputation points

    I'm able to log in. What would be authProvider and user-id? I'm able to see these claims but no email



  5. Joe Green 141 Reputation points

    I'm following this tutorial

    This tutorial uses a client secret but we don't, so we installed a self-signed cert in Azure. I have the User.Read.All scope. Since I don't have a client secret, how do I change the code in this tutorial to use the self-signed cert? I'm using IIS Express on the development machine. I've installed the private key on the development machine.

    Getting to user details seems quite the hassle and nothing is straightforward.

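
Added example, not from any of the posts above or from the tutorial they link to: redeeming the sign-in authorization code with a certificate from the Windows certificate store instead of a client secret, then calling Graph `/me` with the bearer token as answer 1 describes. It assumes MSAL.NET (Microsoft.Identity.Client), a certificate in the CurrentUser\My store, and placeholder client ID, tenant ID, redirect URI and thumbprint; the class and method names are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Identity.Client;   // MSAL.NET NuGet package (assumed)

public static class GraphUserDetails   // hypothetical helper class
{
    // Placeholders: replace with the values from the app registration.
    const string ClientId = "<application-client-id>";
    const string TenantId = "<tenant-id>";
    const string RedirectUri = "<redirect-uri-registered-for-the-app>";
    const string CertThumbprint = "<certificate-thumbprint>";
    static readonly HttpClient Http = new HttpClient();

    // The private key stays in the certificate store; only the thumbprint is configured.
    static X509Certificate2 LoadCertificate()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, because a self-signed cert does not chain to a trusted root.
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, CertThumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("Certificate with private key not found.");
            return found[0];
        }
    }

    // Redeem the authorization code from sign-in, then read the signed-in user's profile.
    public static async Task<string> GetUserDetailsJsonAsync(string authorizationCode)
    {
        var app = ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithRedirectUri(RedirectUri)
            .WithCertificate(LoadCertificate())   // used in place of WithClientSecret(...)
            .Build();
        // User.Read is enough for /me; the token's scope claim will list it.
        var result = await app.AcquireTokenByAuthorizationCode(new[] { "User.Read" }, authorizationCode)
            .ExecuteAsync();
        // $select returns only the requested fields; never write the token to logs.
        var request = new HttpRequestMessage(HttpMethod.Get,
            "https://graph.microsoft.com/v1.0/me?$select=displayName,mail,jobTitle,department");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
        using (var response = await Http.SendAsync(request))
        {
            response.EnsureSuccessStatusCode();   // throws on 401/403 instead of returning an error body
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```

The returned JSON carries `displayName`, `mail`, `jobTitle` and `department`; `mail` can be null for accounts without a mailbox.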