Using Graph API and accessing onPremisesSamAccountName

Alan 41 Reputation points


I'm trying to get the value of onPremisesSamAccountName for my Blazor WASM project from the graph explorer ( under GET beta my profile ( I have the Application (client) ID for my app, I got Microsoft Graph API permission (User.Read).

How do I code this in my Blazor WASM project in order to get the exact json format of the response preview from the graph explorer and grab that value? Because I need users to be able to login to my app with their Microsoft accounts and use their onPremisesSamAccountName value.

The GET query returns the necessary info in the graph explorer, but when I type in the url it returns:

{"error":{"code":"InvalidAuthenticationToken","message":"Access token is empty.","innerError":{"date":"2022-09-06T21:44:50","request-id":"6f164f40-c9f9-498d-a19c-6f4482300713","client-request-id":"6f164f40-c9f9-498d-a19c-6f4482300713"}}}  

In my code am I suppose to write that snippet of code from the graph explorer?

GraphServiceClient graphClient = new GraphServiceClient( authProvider );  
var user = await graphClient.Me  

How do I start coding this? Thanks.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,480 questions
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,372 questions
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,178 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,327 questions
0 comments No comments
{count} votes

Accepted answer
  1. Shweta Mathur 27,131 Reputation points Microsoft Employee

    Hi @Alan ,

    Thanks for reaching out.

    I understand you are trying to call Graph API endpoint using Blazor WASM project but getting "InvalidAuthenticationToken" error. Although you are able to use the endpoint successfully using Graph Explorer.

    Graph Explorer is the tool provided by Microsoft to explore Graph API endpoints by allowing you to sign into your tenant directly. It has inbuilt access token provided to you to easily access the Graph API. However, to call all the Graph API endpoints using postman or within the code require the valid access token with required permissions to call the Microsoft Graph.

    You need to call IAuthenticationProvider to authenticate the request and request Access token based on the request and this access token need to pass as bearer token in Authorization Header to call the Graph API endpoint as below:

     private class GraphAuthenticationProvider : IAuthenticationProvider  
                public GraphAuthenticationProvider(IAccessTokenProvider provider)  
                    Provider = provider;  
                public IAccessTokenProvider Provider { get; }  
                public async Task AuthenticateRequestAsync(HttpRequestMessage request)  
                    var result = await Provider.RequestAccessToken(new AccessTokenRequestOptions()  
                        Scopes = new[] { "" }  
                    if (result.TryGetToken(out var token))  
                        request.Headers.Authorization ??= new AuthenticationHeaderValue("Bearer", token.Value);  

    Reference :

    Hope this will help.


    Please remember to "Accept Answer" if answer helped you.

2 additional answers

Sort by: Most helpful
  1. JasonPan - MSFT 4,201 Reputation points Microsoft Vendor

    Hi @Alan

    You can refer to this source code to learn how to properly use Graph SDK in Blazor WASM project.

    This error message show you are missing Bear token when you send the http request. You can refer the source code and learn how to add it. And from your description, you are using beta version sdk, and you need to install the beta version package.

    If you are not using beta version sdk, you can refer to this post in Q&A and another case in Stackoverflow.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,

  2. Bruce ( 54,621 Reputation points

    to call the GraphApi you need an access token passed via a bearer header. for Blazor WASM you typically would use the MSAL library to get the token. with the token you can call GraphApi directly or use the GraphApi library:


    Graph Api

    note: you will need to register the website hosting the blazor app as an ad application. you will then use this registration client id. Your azure ad admin can do this.

    0 comments No comments