CODEWITHSUNDEEP
azureazure-web-app-serviceazure-active-directory
nirsky
nirsky

Reputation: 3105

Get logged in user with Azure Web Apps Auth

Azure Web App has a great global Authentication options.
I'm currently using Azure AD as 'Authentication Provider' and as 'Log in with...' as well:

screenshot of azure authentication

This works great but I can't figure how the get the username (email) of the currently signed in user. Many features of my app have this requirement.
Any ideas?

Upvotes: 17

Views: 16961

Answers (4)

PotatoFarmer
PotatoFarmer

Reputation: 2974

rehash of Chris Gillum answer, w/ minor additions

Reference: https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#access-user-claims

Client Side/SPA:

Via Endpoint: /.auth/me

axios.get("/.auth/me")
.then(r => {console.log(r.data)})

Note: This endpoint is only available if token-store is enabled (otherwise will return 404).

Note: Login session cookie (currently named AppServiceAuthSession) must be included in the AJAX call (which happens by default)

Server side:

A. Via HTTP Request Headers:

  • X-MS-CLIENT-PRINCIPAL-NAME #Email of user
  • X-MS-CLIENT-PRINCIPAL-ID
  • Potentially others (prefixed with X-MS-CLIENT-*)

B. Via /.auth/me endpoint (see above)

Upvotes: 4

RubbelDieKatz
RubbelDieKatz

Reputation: 1187

Thanks to @Chris' answer, I was able to write a function that returns the logged in user's email.

    public static String getEmail(HttpContext context)
    {
        String identifier = "X-MS-CLIENT-PRINCIPAL-NAME";
        IEnumerable<string> headerValues = context.Request.Headers.GetValues(identifier);
        if (headerValues == null)
        {
            System.Diagnostics.Debug("No email found!");
            return "";
        }
        else { 
            System.Diagnostics.Debug(headerValues.FirstOrDefault());
            return headerValues.FirstOrDefault();
        }
    }

Upvotes: 4

Chris Gillum
Chris Gillum

Reputation: 15042

There are several ways to do this. If you're using Azure AD and node.js, the easiest way is to look at the X-MS-CLIENT-PRINCIPAL-NAME HTTP request header. That will contain the email of the user.

If you want to get user information from some JavaScript code on the client, you can alternatively make an AJAX request to the site's /.auth/me endpoint. As long as the login session cookie (currently named AppServiceAuthSession) is included in the AJAX call (which happens by default), you'll get a JSON blob that contains not only the email, but also all other claims associated with the user. This technique works on the server-side as well.

Upvotes: 23

Brian Sherwin
Brian Sherwin

Reputation: 962

If you are using the Passport-azuread library with your nodejs, you can do something like the following code snippet:

<% if (user) { %>
    <p>displayName: <%= user.displayName %></p>
    <p>givenName: <%= user.name.givenName %></p>
    <p>familyName: <%= user.name.familyName %></p>
    <p>Full User Data</p>
    <%- JSON.stringify(user) %>
<% } %>

You can find a full Azure AD example for Node here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-openidconnect-nodejs/#5-create-the-views-and-routes-in-express-to-display-our-user-in-the-website

Upvotes: 1

Related Questions