Question
Friday, August 21, 2015 9:53 PM
Hi,
I am trying out the new ASPNET5 web app using Azure AD. I have just created a new app using the File > New Project dialog and selected "Work and School Accounts" for authentication. I just ran the default template and was able to log in; however, my email address is shown on top (Hello live.com#USERNAME@hotmail.com!). I want to retrieve the user's full name and show it here instead. How can I do that?
Using individual authentication, I understand that the ApplicationUser class can be extended and the object will be persisted in the SQL DB. In my case, since there is no database to hold the user information, where can I retrieve this data? I tried looking for the Azure AD Graph API to get the data; however, I am not sure how all this can work together. Is there an ASPNET5 sample for this?
I would appreciate any help.
Anand
All replies (3)
Sunday, August 23, 2015 6:27 AM ✅ Answered
I just found the solution to access the user's Full Name while using Azure AD, the original problem as stated above in this thread. I notice that Full Name and a lot more properties can be accessed from the ClaimsPrincipal object associated with the request. The snippet below should show you how I am displaying the Full Name in my _LoginPartial.cshtml View.
@using System.Security.Principal
@if (User.Identity.IsAuthenticated)
{
    <ul class="nav navbar-nav navbar-right">
        <li class="navbar-text">Hello @User.FindFirst("name").Value!</li>
        <li><a asp-controller="Account" asp-action="SignOut">Sign Out</a></li>
    </ul>
}
else
{
    <ul class="nav navbar-nav navbar-right">
        <li><a asp-controller="Account" asp-action="Signin">Sign in</a></li>
    </ul>
}
As highlighted above, @User.FindFirst("name").Value returns the Full Name; other properties such as the Azure AD Tenant ID and User Object ID can be accessed similarly. These are useful when using Azure AD authentication with a Multi-Tenant configuration. Complete user attributes can be accessed from Azure AD using the Graph API; especially when integrating with Office 365 Tenants, this can give you the user's Manager, Location and also the licenses associated with the user. Below is the simple helper class that I created and added to the ASP.NET 5 Service Collection in order to take advantage of dependency injection.
UserService.cs
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System;
using System.Security.Claims;
using System.Threading.Tasks;

namespace AspNet5_Demo.Services
{
    public class UserService
    {
        private string graphResourceID = "https://graph.windows.net";
        private ClientCredential _clientCred { get; set; }

        // The second argument is the application's client secret (see ConfigureServices),
        // which is what ClientCredential expects alongside the client ID.
        public UserService(string clientId, string clientSecret)
        {
            _clientCred = new ClientCredential(clientId, clientSecret);
        }

        // Looks up the signed-in user's directory object through the Graph API.
        public async Task<IUser> GetUser(ClaimsPrincipal userPrincipal)
        {
            string tenantID = userPrincipal.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
            string userObjectID = userPrincipal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

            // Graph service root for the user's own tenant.
            Uri servicePointUri = new Uri(graphResourceID);
            Uri serviceRoot = new Uri(servicePointUri, tenantID);
            ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot,
                async () => await GetTokenForApplication(userPrincipal));

            var user = await activeDirectoryClient.Users.GetByObjectId(userObjectID).ExecuteAsync();
            return user;
        }

        // Acquires an app-only token for the Graph API with the application's
        // client credentials, against the tenant named in the user's claims.
        public async Task<string> GetTokenForApplication(ClaimsPrincipal userPrincipal)
        {
            string tenantID = userPrincipal.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;

            // The second constructor argument is validateAuthority; false skips authority validation.
            AuthenticationContext authenticationContext =
                new AuthenticationContext("https://login.microsoftonline.com/" + tenantID, false);
            AuthenticationResult authenticationResult =
                await authenticationContext.AcquireTokenAsync(graphResourceID, _clientCred);
            return authenticationResult.AccessToken;
        }
    }
}
Also added these lines of code to access it in Controllers & Views:
public void ConfigureServices(IServiceCollection services)
{
    services.Configure<CookieAuthenticationOptions>(options =>
    {
        options.AutomaticAuthentication = true;
    });

    services.ConfigureOpenIdConnectAuthentication(options =>
    {
        options.AutomaticAuthentication = true;
        options.ClientId = Configuration["Authentication:AzureAd:ClientId"];
        options.Authority = Configuration["Authentication:AzureAd:AADInstance"] + "Common";
    });

    services.AddInstance(new UserService(Configuration["Authentication:AzureAd:ClientId"],
        Configuration["Authentication:AzureAd:ClientSecret"]));

    // Add MVC services to the services container.
    services.AddMvc();
}
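The answer above dereferences `FindFirst(...).Value` directly and concatenates the tenant ID claim into the Graph service root. The following is an added example, not part of the original answer, showing one way to read the same claims defensively: fall back when the `name` claim is absent, and accept the tenant ID only if it parses as a GUID before it goes into a URL. The names `AzureAdClaims`, `DisplayName`, `TryGetGuid`, `GraphServiceRoot` and `Demo` are hypothetical, and the sample identity is constructed.

```csharp
using System;
using System.Security.Claims;

// Hypothetical helper (not from the original answer) around the claim types it uses.
public static class AzureAdClaims
{
    public const string Name = "name";
    public const string TenantId = "http://schemas.microsoft.com/identity/claims/tenantid";
    public const string ObjectId = "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Full name if the token carried one, otherwise the sign-in name; never a null dereference.
    public static string DisplayName(ClaimsPrincipal user)
    {
        string name = user.FindFirst(Name)?.Value;
        return string.IsNullOrWhiteSpace(name) ? (user.Identity?.Name ?? "unknown user") : name;
    }

    // True only if the claim is present and is a well-formed GUID.
    public static bool TryGetGuid(ClaimsPrincipal user, string claimType, out Guid value)
    {
        value = Guid.Empty;
        string raw = user.FindFirst(claimType)?.Value;
        return raw != null && Guid.TryParse(raw, out value);
    }

    // Builds the per-tenant Graph root from the parsed GUID, not from the raw claim string.
    public static Uri GraphServiceRoot(ClaimsPrincipal user)
    {
        Guid tenant;
        if (!TryGetGuid(user, TenantId, out tenant))
            throw new InvalidOperationException("Missing or malformed tenant ID claim.");
        return new Uri("https://graph.windows.net/" + tenant.ToString("D"));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample identity; the GUID is a placeholder, not a real tenant.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(AzureAdClaims.Name, "Example User"),
            new Claim(AzureAdClaims.TenantId, "00000000-0000-0000-0000-000000000001"),
        }, "ConstructedSample");
        var user = new ClaimsPrincipal(identity);
        Console.WriteLine(AzureAdClaims.DisplayName(user));
        Console.WriteLine(AzureAdClaims.GraphServiceRoot(user));
    }
}
```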
Friday, August 21, 2015 11:17 PM
Please refer to this post: http://www.codeproject.com/Tips/991663/Displaying-User-Full-Name-instead-of-User-Email-in
For displaying Full User Name instead of login email.
Hope this will help.
Saturday, August 22, 2015 2:22 PM
But this is for an ASP.NET 4.x MVC Application using an Individual Accounts, EF-based user repository in SQL Server. I want to do something similar with ASP.NET5 and Azure AD Multi-Tenant. The template does not use EF or SQL Server. I may want to use MongoDB; well, keeping that aside for now, I am not sure how to retrieve the user profile details like Full Name, Group, Location and probably some custom properties.