This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 23%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Hi All
We have a ASP.NET MVC 3 based project (Not .NET core). In that we have added code for Azure AD B2C Integration (after going through sample code provided by Microsoft).
What we want?
After successful login (user would be using "userName" not email for logging in), we would like to get user profile information from Azure using MS Graph.
Why this is required?
After successful login, when we check the "HttpContext.User.Identity.Name" in web controllers, we are getting "name" but we want "userName" in the above property(which is actually "User Principal Name" as being shown in "Azure/Users"). We also need access to roles associated with the logged on user (this would get populated during account Migration).
Refer the following image
How to get access to scopes for Graph so that I can get access to "Access token"? is not clear to me. Any pointers would be very helpful. best regards
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Siddartha Pal ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Hi @Siddartha Pal ,
Thanks for reaching out.
What we want? After successful login (user would be using "userName" not email for logging in), we would like to get user profile information from Azure using MS Graph.
To get the user's details using Graph API, you need to provide the User.Read delegated permissions to your application.
To add the permission, navigate to API permissions in your registered application. Select Microsoft Graph and then Delegated permission and add User.Read permission to your application.
To get the user profile information from MS Graph you need to call below Graph API endpoints:
GET https://graph.microsoft.com/v1.0/me - This endpoint gives the details of signed in user.
GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName} - This endpoint retrieved the user's profile of the particular user.
Why this is required? After successful login, when we check the "HttpContext.User.Identity.Name" in web controllers, we are getting "name" but we want "userName" in the above property(which is actually "User Principal Name" as being shown in "Azure/Users").
To get the Username of the user, your need to retrieve identities property of the user representing an identity used to sign into a user account i.e email, username, federated or user principal name.
Getting a user only retrieving the default set of properties only. To get the properties and relationships of user object, you need to use $select which will retrieve issuerAssignedId which represents username.
You need to call GET https://graph.microsoft.com/v1.0/users/{userId}?$select=displayName,identities to get the username of the user.
In ASP.net MVC , you can call graph API as below:
public static async Task<CachedUser> GetUserDetailsAsync(string accessToken)
{
var graphClient = new GraphServiceClient(
new DelegateAuthenticationProvider(
async (requestMessage) =>
{
requestMessage.Headers.Authorization =
new AuthenticationHeaderValue("Bearer", accessToken);
}));
var user = await graphClient.Users["{user-id}"].Request()
.Select(u => new {
u.DisplayName,
u.Mail,
u.Identities
})
.GetAsync();
We also need access to roles associated with the logged on user (this would get populated during account Migration) To retrieve the list of roles that a user has been granted using below Graph API endpoint: https://graph.microsoft.com/v1.0/users/{user-id}/appRoleAssignments which will require User.ReadBasic.All least privileged permission to your application. You can assign any permission to your application as mentioned above. Reference : https://learn.microsoft.com/en-us/graph/api/user-list-approleassignments?view=graph-rest-1.0&tabs=http How to get access to scopes for Graph so that I can get access to "Access token" You can add permissions(scope) to your application as added above for 'User.Read' which will allow you to add those scope(https://graph.microsoft.com/user.read) in your authorization request to get the access token. Hope this will help. Thanks, Shweta Please remember to "Accept Answer" if answer helped you.
Hi Shweta, Thanks for the response. Configuring Scope for Graphi API I am not able to do what you have mentioned for GRAPH API and may be its due to the reason that we dont have permissions. The Tenenat I am working on has been created with very limited resources. I have done the same before on a diffefent project and I was wondering why the same is not happening. I came to know about this limitation, yesterday evening only. How to call Graph API This part is clear to me. Seems I might have to installed Graph SDK but please correcte me, if I am wrong. How to acess "access token" in web controller? I have another issue, how to get access to the "Access Token" in Web Controller? I have referred sample code from MS https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi no example given for accessing token in web controller. In the "TaskController" class in the above, code sample is there but that is being used to call another end point. Is that ok to use the same code in "Web Controller" using scope exposed by Graph API? Please let me know your views on the same best regards, S
Hi Siddartha Pal,
Yes, you can get the access token in web controller as mentioned in another controller. Also, to get the access token in a web controller, you can use the GetAccessTokenForUserAsync method of the ITokenAcquisition service as mentioned here - https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/develop/scenario-web-app-call-api-acquire-token.md
The HttpContext method is useful when you need to retrieve the access token from the HTTP request headers directly, while the GetAccessTokenForUserAsync method is useful when you need to retrieve the access token programmatically and use it in your code. Additionally, the GetAccessTokenForUserAsync method provides additional features such as token caching and automatic token refresh, which can simplify the process of working with access tokens in your application.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
Hello Shewta, After implementing the code, I am getting the following error:- "No account or login hint was passed to the AcquireTokenSilent call."
And this is same error I am getting when I tried to access the token using the code example given in TaskController.
I configured the Postman and I am able to hit 2 end points of the web api. Which means the configuration of web api project on Azure is correct.
And ITokenAcquisition service is available in .NET core not in .NET based applications.
What I am missing? best regards, Siddartha Pal
Hi Siddartha Pal ,
Apologies for delay in response here. You are getting this error as token cache is empty to acquire the token silently.
It would require user's credentials from the cache which is not available due to first time sign-in to the application.
I have provided a detailed answer to this in your another thread.
Hope this will help.
Please don’t forget to click "Accept Answer" if you get an answer to your first question which might be beneficial to other community members reading this thread. And, if you have any further queries do let us know.