Can't retrieve displayName for an Azure AD tenant

Issue

Can't retrieve displayName for a tenant

What is OK

My application is a multi-tenant web site. I authenticate the customer with OpenID Connect and get an access token (say armToken) from a code grant flow in order to run this request:

https://management.azure.com/tenants

That gets a list of all tenants where the customer is declared. Say it is Tenants.

This works fine.

Where it goes wrong

Then I want to get some more information about all tenants, such as their display name. So I need to run this request for each tenant in Tenants:

https://graph.windows.net/[tenantId]/tenantDetails?api-version=1.6

I use a code like this:

foreach (Tenant tenant in Tenants)
{
    // Ask for a token scoped to the Azure AD Graph resource for this tenant's authority
    string graphToken = await GetAuthorizationToken("https://graph.windows.net/", tenant.TenantId);

    // No space is allowed between "?" and "api-version"; a stray space breaks the query string
    string json = await GetGraphRequest(
        $"https://graph.windows.net/{tenant.TenantId}/tenantDetails?api-version=1.6",
        graphToken);

    // I parse the JSON to get my information
}

What I tried

The issue is probably in the GetAuthorizationToken method, which doesn't retrieve a proper token. I tested every AcquireTokenAsync signature; none of them works except:

AcquireTokenAsync(string resource, ClientCredential clientCredential);

But the token received only works when the tenant tested matches the tid found in the user's claims.

Depending on the tenant I get several messages:

{"odata.error":{"code":"Authorization_RequestDenied","message":{"lang":"en","value":"Insufficient privileges to complete the operation."}}}

==> But I gave all possible permissions on Microsoft Grant

or

{"odata.error":{"code":"Authorization_IdentityNotFound","message":{"lang":"en","value":"The identity of the calling application could not be established."}}}

=> indeed, I have no OID claim in the token

My question

I really don't know what I can do more.

This should be possible because I can see it working here:

https://github.com/projectkudu/AzureResourceExplorer/

But it does not use the ADAL library. So maybe there is a limitation in that library?

Upvotes: 1

Views: 1281

Answers (1)

Nan Yu

Reputation: 27538

If the user logs in to your application with an Azure AD account, then using the Azure AD Graph API tenantDetails operation you can only get the details of the tenant which issued the access token. Otherwise it will throw the error: Invalid domain name in the request url.

To get a list of all the Azure AD instances associated with a user account, you could try the Windows Azure Service Management API. Please refer to my reply here. In the response you can get the displayName, domainName and ID of the tenants.

Upvotes: 1
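Both the question (the token only works when the tested tenant matches the tid, and the failing token has no oid claim) and the answer (tenantDetails only answers for the tenant that issued the token) come down to reading three claims before the call is made. The following is an added example, not code from the original post or from ADAL, written in Python rather than the poster's C# so it runs offline: it decodes the unverified payload of an access token and, for each tenant id returned by /tenants, says whether that token can address graph.windows.net/{tenantId}/tenantDetails or whether a token from that tenant's own authority is needed. The tokens, tenant ids and object ids are constructed sample data (unsigned, alg "none"), and the category names returned by classify_token_for_tenant are this example's own, not Azure AD error codes. No signature is verified: this inspects a token the app obtained itself, it is not validation of an inbound token.

```python
import base64
import json

# Resource identifier that an Azure AD Graph access token carries in "aud"
GRAPH_RESOURCE = "https://graph.windows.net"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.

    Pre-flight inspection of a token this app obtained from its own token
    request; never use this to trust a token received from someone else.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated parts")
    return json.loads(_b64url_decode(parts[1]))


def classify_token_for_tenant(token: str, tenant_id: str) -> str:
    """Say whether this token can address /{tenant_id}/tenantDetails.

    Returns one of (names are this example's own):
      "ok"             - audience is Azure AD Graph, tid matches, oid present
      "wrong_audience" - token was minted for another resource (e.g. ARM)
      "no_oid"         - no object id, so the directory cannot establish the
                         caller's identity (the symptom quoted in the question)
      "tid_mismatch"   - issued by a different tenant than the one queried;
                         a token from that tenant's authority is needed
    """
    claims = decode_jwt_payload(token)
    if claims.get("aud", "").rstrip("/") != GRAPH_RESOURCE:
        return "wrong_audience"
    if not claims.get("oid"):
        return "no_oid"
    if claims.get("tid") != tenant_id:
        return "tid_mismatch"
    return "ok"


def plan_tenant_details_calls(tenant_ids, token: str) -> dict:
    """For each tenant id from /tenants, record what the current token can do."""
    return {t: classify_token_for_tenant(token, t) for t in tenant_ids}


def make_unsigned_token(claims: dict) -> str:
    """Constructed sample token for offline demonstration only (alg 'none',
    empty signature). Real Azure AD tokens are RS256-signed."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed sample data (hypothetical tenant and object ids, not real output).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"

# Delegated token for the Graph, issued by the user's home tenant.
USER_GRAPH_TOKEN = make_unsigned_token({
    "aud": "https://graph.windows.net/",
    "iss": f"https://sts.windows.net/{HOME_TENANT}/",
    "tid": HOME_TENANT,
    "oid": "aaaaaaaa-0000-0000-0000-000000000001",
    "upn": "user@contoso.example",
})

# App-only token shaped like the one the question describes: no oid claim.
APP_TOKEN_WITHOUT_OID = make_unsigned_token({
    "aud": "https://graph.windows.net/",
    "iss": f"https://sts.windows.net/{OTHER_TENANT}/",
    "tid": OTHER_TENANT,
    "appid": "bbbbbbbb-0000-0000-0000-000000000002",
})

# The ARM token used for /tenants; it is not valid for the Graph at all.
ARM_TOKEN = make_unsigned_token({
    "aud": "https://management.azure.com/",
    "tid": HOME_TENANT,
    "oid": "aaaaaaaa-0000-0000-0000-000000000001",
})

if __name__ == "__main__":
    plan = plan_tenant_details_calls([HOME_TENANT, OTHER_TENANT], USER_GRAPH_TOKEN)
    for tenant_id, verdict in plan.items():
        print(f"{tenant_id}: {verdict}")
```

Run in the loop from the question, this tells you before the HTTP call which tenants the current token can serve; every tenant that comes back as "tid_mismatch" or "no_oid" needs a token obtained from that tenant's own authority, not a token minted by the home tenant.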
