Using Graph API and accessing onPremisesSamAccountName

Alan 41 Reputation points
2022-09-06T21:51:44.447+00:00

Hi,

I'm trying to get the value of onPremisesSamAccountName for my Blazor WASM project from the graph explorer (https://developer.microsoft.com/en-us/graph/graph-explorer) under GET beta my profile (https://graph.microsoft.com/beta/me). I have the Application (client) ID for my app, I got Microsoft Graph API permission (User.Read).

How do I code this in my Blazor WASM project in order to get the exact json format of the response preview from the graph explorer and grab that value? Because I need users to be able to login to my app with their Microsoft accounts and use their onPremisesSamAccountName value.

The GET query https://graph.microsoft.com/beta/me returns the necessary info in the graph explorer, but when I type in the url it returns: 

{"error":{"code":"InvalidAuthenticationToken","message":"Access token is empty.","innerError":{"date":"2022-09-06T21:44:50","request-id":"6f164f40-c9f9-498d-a19c-6f4482300713","client-request-id":"6f164f40-c9f9-498d-a19c-6f4482300713"}}}

In my code am I suppose to write that snippet of code from the graph explorer? 

GraphServiceClient graphClient = new GraphServiceClient( authProvider );  
  
var user = await graphClient.Me  
	.Request()  
	.GetAsync();

How do I start coding this? Thanks.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,526 questions
Blazor
Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
878 questions
Microsoft Graph Profile API
Microsoft Graph Profile API
A Microsoft API that retrieves the profile of the signed-in user or another user with a valid Azure AD or Microsoft account.
97 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
7,530 questions
Accepted answer
  1. Shweta Mathur 12,991 Reputation points Microsoft Employee
    2022-09-07T08:26:40.02+00:00

    Hi @Alan ,

    Thanks for reaching out.

    I understand you are trying to call Graph API endpoint using Blazor WASM project but getting "InvalidAuthenticationToken" error. Although you are able to use the endpoint successfully using Graph Explorer.

    Graph Explorer is the tool provided by Microsoft to explore Graph API endpoints by allowing you to sign into your tenant directly. It has inbuilt access token provided to you to easily access the Graph API. However, to call all the Graph API endpoints using postman or within the code require the valid access token with required permissions to call the Microsoft Graph.

    You need to call IAuthenticationProvider to authenticate the request and request Access token based on the request and this access token need to pass as bearer token in Authorization Header to call the Graph API endpoint as below: 

     private class GraphAuthenticationProvider : IAuthenticationProvider  
        {  
            public GraphAuthenticationProvider(IAccessTokenProvider provider)  
            {  
                Provider = provider;  
            }  
  
            public IAccessTokenProvider Provider { get; }  
  
            public async Task AuthenticateRequestAsync(HttpRequestMessage request)  
            {  
                var result = await Provider.RequestAccessToken(new AccessTokenRequestOptions()  
                {  
                    Scopes = new[] { "https://graph.microsoft.com/User.Read" }  
                });  
  
                if (result.TryGetToken(out var token))  
                {  
                    request.Headers.Authorization ??= new AuthenticationHeaderValue("Bearer", token.Value);  
                }  
            }  
        }

    Reference :https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/graph-api?view=aspnetcore-6.0

    Hope this will help.

    Thanks,
    Shweta

    Please remember to "Accept Answer" if answer helped you.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JasonPan - MSFT 1,306 Reputation points Microsoft Vendor
    2022-09-07T07:40:28.28+00:00

    Hi @Alan

    You can refer to this source code to learn how to properly use Graph SDK in Blazor WASM project.

    This error message show you are missing Bear token when you send the http request. You can refer the source code and learn how to add it. And from your description, you are using beta version sdk, and you need to install the beta version package.

    If you are not using beta version sdk, you can refer to this post in Q&A and another case in Stackoverflow.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,
    Jason

  2. Bruce (SqlWork.com) 31,096 Reputation points
    2022-09-07T16:18:11.607+00:00

    to call the GraphApi you need an access token passed via a bearer header. for Blazor WASM you typically would use the MSAL library to get the token. with the token you can call GraphApi directly or use the GraphApi library:

    MSAL:
    https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory?view=aspnetcore-6.0

    Graph Api
    https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/graph-api?view=aspnetcore-6.0

    note: you will need to register the website hosting the blazor app as an ad application. you will then use this registration client id. Your azure ad admin can do this.