user6874415

How to get the AAD group members?

How do I get the group members list in Outlook by using Azure Active Directory? I have already registered my application in the Azure portal. I am a newbie to this Azure API. My problem is to get a particular group's members list by C#.

I have the Application, Client ID, Object ID, Tenant ID, URI and Client secret, but I do not know how to use them.

My aim is: if I give the group mail ID, the group's member list should be displayed!

Upvotes: 2

Views: 6166

Answers (1)

Fei Xue

Reputation: 14649

We can use the Azure AD Graph to list the members of a specific group; you can check the REST API from here.

We can use the Client Credentials flow to authenticate with Azure AD, which doesn't require user interaction. To use the Azure AD Graph with the Client Credentials flow, we need to grant the application permission to the app first, like below:

(screenshot of the application permission grant in the Azure portal not reproduced)

Here are the code samples to print the members using this flow, for your reference:

Install the Active Directory Authentication Library:

Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory

Install Microsoft Azure Active Directory Graph Library:

Install-Package Microsoft.Azure.ActiveDirectory.GraphClient

Code:

using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

static void Main(string[] args)
{
    string authority = "https://login.microsoftonline.com/{0}";
    string graphResourceId = "https://graph.windows.net";
    string tenantId = "xxxx.onmicrosoft.com";
    string clientId = "";
    string secret = "";

    authority = String.Format(authority, tenantId);
    Uri servicePointUri = new Uri(graphResourceId);
    Uri serviceRoot = new Uri(servicePointUri, tenantId);

    // Client Credentials flow: the app authenticates with its own secret, no user sign-in.
    AuthenticationContext authContext = new AuthenticationContext(authority);
    var accessToken = authContext.AcquireTokenAsync(graphResourceId, new ClientCredential(clientId, secret)).Result.AccessToken;

    ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

    // Filter by mail on the server side rather than scanning only the first page of groups;
    // a Group also implements IGroupFetcher, which exposes its Members collection.
    var groupFetcher = (IGroupFetcher)activeDirectoryClient.Groups
        .Where(g => g.Mail == "[email protected]")
        .ExecuteAsync().Result.CurrentPage.First();
    var membersResult = groupFetcher.Members.ExecuteAsync().Result;
    PrintMembers(membersResult);

    // Members are returned in pages; keep fetching until the last one.
    while (membersResult.MorePagesAvailable)
    {
        membersResult = membersResult.GetNextPageAsync().Result;
        PrintMembers(membersResult);
    }

    Console.ReadLine();
}

static void PrintMembers(IPagedCollection<IDirectoryObject> pageCollection)
{
    foreach (var member in pageCollection.CurrentPage)
    {
        // Members can be users or nested groups (other directory objects are skipped).
        var user = member as Microsoft.Azure.ActiveDirectory.GraphClient.User;
        if (user != null)
        {
            Console.WriteLine(user.DisplayName);
            continue;
        }

        var groupMember = member as Microsoft.Azure.ActiveDirectory.GraphClient.Group;
        if (groupMember != null)
            Console.WriteLine(groupMember.DisplayName);
    }
}

Update (appended code to show the claims in the token)

Install the package to help decode the token (Install-Package System.IdentityModel.Tokens.Jwt):

using System;
using System.IdentityModel.Tokens.Jwt;

string accessToken = ""; // the access token acquired above
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(accessToken) as JwtSecurityToken;

// claim.Type is the claim name (e.g. "aud", "appid", "roles"); claim.Subject is the
// owning ClaimsIdentity and would only print its type name.
foreach (var claim in tokenS.Claims)
{
    Console.WriteLine($"{claim.Type}:{claim.Value}");
}

Upvotes: 5
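The following is an added example, not code from the answer above: it performs the same Client Credentials flow and group-member listing directly against the Azure AD Graph REST endpoints that the GraphClient library wraps, and before calling Graph it checks the claims of the token (audience, app id, expiry and the `roles` claim that carries the granted application permission), which is the check to run when Graph answers 403 after the permission grant shown above. Assumptions: credentials are read from the environment variables `AAD_TENANT`, `AAD_CLIENT_ID`, `AAD_CLIENT_SECRET` and the group mail from `AAD_GROUP_MAIL` (all names chosen here), Newtonsoft.Json is referenced for JSON parsing, and the `odata.nextLink` value is treated as a path relative to the tenant root, as Azure AD Graph's paging convention describes.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Added example: Azure AD Graph over raw REST with a token claims check first.
static class GroupMemberLister
{
    const string GraphResource = "https://graph.windows.net";
    const string ApiVersion = "api-version=1.6";

    // Client Credentials grant against the v1 token endpoint (the exchange ADAL performs).
    static async Task<string> AcquireTokenAsync(HttpClient http, string tenant, string clientId, string secret)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = clientId,
            ["client_secret"] = secret,
            ["resource"] = GraphResource,
        });
        using (var resp = await http.PostAsync($"https://login.microsoftonline.com/{tenant}/oauth2/token", form))
        {
            resp.EnsureSuccessStatusCode();
            return (string)JObject.Parse(await resp.Content.ReadAsStringAsync())["access_token"];
        }
    }

    // Returns the problems found in the token's claims; an empty list means it is usable.
    // A missing 'roles' entry means the application permission was never granted/consented.
    public static List<string> CheckTokenClaims(string accessToken, string expectedClientId)
    {
        var problems = new List<string>();
        var jwt = new JwtSecurityTokenHandler().ReadToken(accessToken) as JwtSecurityToken;
        if (jwt == null) { problems.Add("token is not a JWT"); return problems; }

        string Claim(string type) => jwt.Claims.FirstOrDefault(c => c.Type == type)?.Value;
        string aud = Claim("aud");
        if (aud != GraphResource && aud != GraphResource + "/")
            problems.Add($"aud is '{aud}', expected {GraphResource}");
        if (Claim("appid") != expectedClientId)
            problems.Add("appid does not match the client id used to authenticate");
        if (jwt.ValidTo <= DateTime.UtcNow)
            problems.Add("token is already expired");
        var roles = jwt.Claims.Where(c => c.Type == "roles").Select(c => c.Value).ToList();
        if (!roles.Contains("Directory.Read.All") && !roles.Contains("Directory.ReadWrite.All"))
            problems.Add("no directory read role in 'roles'; grant the application permission and consent");
        return problems;
    }

    // Resolves the group by mail with a server-side filter, then walks every member page.
    public static async Task<List<string>> ListMembersAsync(HttpClient http, string tenant, string accessToken, string groupMail)
    {
        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        string tenantRoot = $"{GraphResource}/{tenant}";

        string filter = Uri.EscapeDataString($"mail eq '{groupMail.Replace("'", "''")}'");
        var groups = JObject.Parse(await http.GetStringAsync($"{tenantRoot}/groups?{ApiVersion}&$filter={filter}"))["value"];
        var group = groups.FirstOrDefault();
        if (group == null) throw new InvalidOperationException($"no group with mail {groupMail}");

        var names = new List<string>();
        string url = $"{tenantRoot}/groups/{(string)group["objectId"]}/members?{ApiVersion}";
        while (url != null)
        {
            var page = JObject.Parse(await http.GetStringAsync(url));
            foreach (var member in page["value"])
                names.Add($"{(string)member["odata.type"]}: {(string)member["displayName"]}");
            // Assumption: nextLink is relative to the tenant root and needs api-version appended.
            var next = (string)page["odata.nextLink"];
            url = next == null ? null : $"{tenantRoot}/{next}&{ApiVersion}";
        }
        return names;
    }

    static void Main()
    {
        string tenant = Environment.GetEnvironmentVariable("AAD_TENANT");      // e.g. xxxx.onmicrosoft.com
        string clientId = Environment.GetEnvironmentVariable("AAD_CLIENT_ID");
        string secret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET");
        string groupMail = Environment.GetEnvironmentVariable("AAD_GROUP_MAIL");

        using (var http = new HttpClient())
        {
            string token = AcquireTokenAsync(http, tenant, clientId, secret).Result;
            var problems = CheckTokenClaims(token, clientId);
            if (problems.Count > 0)
            {
                problems.ForEach(Console.WriteLine); // report the problem, never the token or secret
                return;
            }
            foreach (var name in ListMembersAsync(http, tenant, token, groupMail).Result)
                Console.WriteLine(name);
        }
    }
}
```

Keeping the secret out of the source and checking `roles` before the first Graph call separates the two failure modes the question runs into: a wrong credential fails at the token endpoint, while a token without the directory read role will be issued fine and only fail with 403 on the members request.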
