Hi @Siddartha Pal ,
Thanks for reaching out.
What we want? After successful login (user would be using "userName" not email for logging in), we would like to get user profile information from Azure using MS Graph.
To get the user's details using Graph API, you need to provide the User.Read delegated permissions to your application.
To add the permission, navigate to API permissions in your registered application. Select Microsoft Graph, then Delegated permissions, and add the User.Read permission to your application.
To get the user profile information from MS Graph you need to call the Graph API endpoints below:
GET https://graph.microsoft.com/v1.0/me - This endpoint gives the details of the signed-in user.
GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName} - This endpoint retrieves the profile of the particular user.
Why is this required? After successful login, when we check the "HttpContext.User.Identity.Name" in web controllers, we are getting "name" but we want "userName" in the above property (which is actually "User Principal Name" as being shown in "Azure/Users").
To get the username of the user, you need to retrieve the identities property of the user, which represents an identity used to sign into a user account, i.e. email, username, federated or user principal name.
Getting a user retrieves only the default set of properties. To get the properties and relationships of the user object, you need to use $select, which will retrieve issuerAssignedId, which represents the username.
You need to call GET https://graph.microsoft.com/v1.0/users/{userId}?$select=displayName,identities to get the username of the user.
In ASP.NET MVC, you can call the Graph API as below:
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Graph;

// Returns the selected profile fields for one user. The original post returned a
// CachedUser wrapper whose definition is not shown; the Graph User object is returned here.
public static async Task<User> GetUserDetailsAsync(string accessToken)
{
    // Attach the delegated access token (obtained with the User.Read scope) as a Bearer header.
    var graphClient = new GraphServiceClient(
        new DelegateAuthenticationProvider(
            async (requestMessage) =>
            {
                requestMessage.Headers.Authorization =
                    new AuthenticationHeaderValue("Bearer", accessToken);
            }));

    // $select is required because identities is not part of the default property set.
    var user = await graphClient.Users["{user-id}"].Request()
        .Select(u => new {
            u.DisplayName,
            u.Mail,
            u.Identities
        })
        .GetAsync();

    return user;
}
We also need access to roles associated with the logged-on user (this would get populated during account migration).
To retrieve the list of roles that a user has been granted, use the Graph API endpoint below: https://graph.microsoft.com/v1.0/users/{user-id}/appRoleAssignments, which requires the User.ReadBasic.All least privileged permission for your application. You can assign any permission to your application as mentioned above.
Reference: https://learn.microsoft.com/en-us/graph/api/user-list-approleassignments?view=graph-rest-1.0&tabs=http
How to get access to scopes for Graph so that I can get access to the "Access token"?
You can add permissions (scopes) to your application, as done above for 'User.Read', which will allow you to add that scope (https://graph.microsoft.com/user.read) in your authorization request to get the access token.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if the answer helped you.
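As an added example (not part of Shweta's answer or the Microsoft Graph SDK), the following C# shows how to pick the sign-in username out of the identities collection returned by the $select call above, and the appRoleId values from the appRoleAssignments endpoint. The class name GraphIdentityHelper is hypothetical and both JSON payloads are constructed samples in the documented Graph response shape.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
// Hypothetical helper that pulls the username and app role ids out of the raw Graph JSON.
public static class GraphIdentityHelper
{
    // Constructed sample of GET /users/{id}?$select=displayName,identities (values made up).
    public const string SampleUserJson = @"{ ""displayName"": ""Jane Doe"", ""identities"": [
        { ""signInType"": ""userName"", ""issuer"": ""contoso.onmicrosoft.com"", ""issuerAssignedId"": ""jdoe"" },
        { ""signInType"": ""emailAddress"", ""issuer"": ""contoso.onmicrosoft.com"", ""issuerAssignedId"": ""jane@example.com"" } ] }";

    // Constructed sample of GET /users/{id}/appRoleAssignments (values made up).
    public const string SampleRolesJson = @"{ ""value"": [
        { ""appRoleId"": ""11111111-2222-3333-4444-555555555555"", ""resourceDisplayName"": ""MyApp"" } ] }";

    // Returns the issuerAssignedId of the identity whose signInType is "userName".
    // Returns null when identities is absent (the $select was forgotten) or when the
    // account has no local username identity (e.g. a federated or email-only account);
    // callers should not fall back to displayName, which is free-form text, not an identifier.
    public static string ExtractUserName(string userJson)
    {
        using var doc = JsonDocument.Parse(userJson);
        if (!doc.RootElement.TryGetProperty("identities", out var identities)) return null;
        foreach (var identity in identities.EnumerateArray())
        {
            if (identity.TryGetProperty("signInType", out var type) && type.GetString() == "userName"
                && identity.TryGetProperty("issuerAssignedId", out var id))
                return id.GetString();
        }
        return null;
    }

    // Collects the appRoleId values; authorisation checks should key on these ids,
    // not on resourceDisplayName, which is also free-form text.
    public static List<string> ExtractAppRoleIds(string rolesJson)
    {
        using var doc = JsonDocument.Parse(rolesJson);
        return doc.RootElement.GetProperty("value").EnumerateArray()
            .Select(a => a.GetProperty("appRoleId").GetString())
            .ToList();
    }

    public static void Main()
    {
        Console.WriteLine(ExtractUserName(SampleUserJson) ?? "<no userName identity>");
        Console.WriteLine(string.Join(", ", ExtractAppRoleIds(SampleRolesJson)));
    }
}
```

In the MVC code above, the JSON strings would be replaced by the serialised responses of the two Graph calls made with the delegated token.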