Reputation: 111
I'm trying to get the names of Azure AD groups. Inside the token after Azure login (OpenID) I receive group IDs in JSON, but I need the group names.
JSON after login:
I'm trying to use GraphServiceClient. In the Azure portal I created a secret key, but when I put this key in AuthenticationHeaderValue my code breaks.
var graphServiceClientGr = new GraphServiceClient(new DelegateAuthenticationProvider((requestMessage) =>
{
    requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
    return Task.FromResult(0);
}));
My variable "token" is the same token which I receive after login, and which has claims inside.
In the inner exception I receive:
"Access token validation failure. Invalid audience"
What are the correct parameters I should put in the authentication?
After this invocation, how do I receive the name of the group? Any suggestions on how to do that? I don't need application role names, because I need AD group names.
I thought to try the next line, but I don't know if inside this object I receive the names of the groups.
In this line, I expect to receive the names of the groups of the user who corresponds to this login token's groups
or with this line:
Upvotes: 1
Views: 2673
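The "Invalid audience" error in the question is what Microsoft Graph returns when the bearer token was issued for a different resource: the ID token handed back by the OpenID login has the application's own client ID as its aud claim, while Graph only accepts tokens whose aud is its own resource identifier. The following is an added diagnostic example, not part of the question or of any Microsoft sample, that decodes a token's payload to show its aud and its groups claim (object IDs only). The two Graph audience values are well-known; the tokens, client ID, tenant and group IDs are constructed placeholders built by an alg=none helper so the script runs offline.

```python
import base64
import json

# Well-known identifiers for Microsoft Graph as a resource. Graph accepts a
# bearer token only when its "aud" claim is one of these; an ID token has the
# calling application's client ID as "aud", hence "Invalid audience".
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",
}


def _b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj):
    """Encode a JSON object as an unpadded base64url JWT segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(token):
    """Return the payload claims of a compact JWT as a dict.

    This reads the claims for troubleshooting only; it does NOT verify the
    signature, so it must never be used to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS: header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def explain_audience(token):
    """Say which resource a token is for and whether Graph would accept it."""
    claims = decode_claims(token)
    aud = claims.get("aud", [])
    audiences = aud if isinstance(aud, list) else [aud]
    scp = claims.get("scp")
    return {
        "aud": audiences,
        "accepted_by_graph": any(a in GRAPH_AUDIENCES for a in audiences),
        "scopes": scp.split() if scp else [],
        # The groups claim carries object IDs only; names need a Graph call.
        "group_object_ids": list(claims.get("groups", [])),
    }


def make_unsigned_jwt(claims):
    """Build a constructed alg=none token so the example runs offline.

    Real Azure AD tokens are RS256-signed; this helper exists only to
    produce sample input for the functions above.
    """
    header = {"alg": "none", "typ": "JWT"}
    return f"{_b64url_encode(header)}.{_b64url_encode(claims)}."


# Constructed sample claims. Client ID, tenant and group IDs are placeholders.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_ID_TOKEN = make_unsigned_jwt({
    "aud": CLIENT_ID,
    "iss": "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0",
    "groups": ["aaaaaaaa-0000-0000-0000-000000000001",
               "aaaaaaaa-0000-0000-0000-000000000002"],
    "preferred_username": "user@example.com",
})
SAMPLE_GRAPH_TOKEN = make_unsigned_jwt({
    "aud": "https://graph.microsoft.com",
    "iss": "https://sts.windows.net/TENANT_ID_PLACEHOLDER/",
    "scp": "User.Read Directory.Read.All",
})

if __name__ == "__main__":
    for name, tok in [("ID token", SAMPLE_ID_TOKEN), ("Graph token", SAMPLE_GRAPH_TOKEN)]:
        print(name, json.dumps(explain_audience(tok), indent=2))
```

Running it on the sample ID token reports accepted_by_graph as false and lists the two group object IDs, which is exactly the situation in the question: the token proves who logged in but is not a credential for Graph, and even if it were, it carries no group names.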
Reputation: 23121
According to my research, if we configure the Groups claim for the Azure AD application, it will just return the ObjectIDs of the groups that the logged-in user belongs to in the group claim value, plus on-premises group attributes. It cannot return group names. For more details, please refer to the document.
So if we want to get the group names, we can use the Microsoft Graph API to get them. But the API will return directory objects and group objects, so we need to do some processing. For example:
1. Register an Azure AD application
<appSettings>
    <add key="ida:AppID" value="YOUR APP ID" />
    <add key="ida:AppSecret" value="YOUR APP PASSWORD" />
    <add key="ida:RedirectUri" value="https://localhost:PORT/" />
    <add key="ida:AppScopes" value="User.Read Directory.ReadWrite.All Directory.AccessAsUser.All" />
</appSettings>
// appId, appSecret, redirectUri and graphScopes are read from the appSettings above.
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
{
    var idClient = ConfidentialClientApplicationBuilder.Create(appId)
        .WithRedirectUri(redirectUri)
        .WithClientSecret(appSecret)
        .Build();

    string message;
    string debug;
    try
    {
        // Redeem the authorization code for an access token whose audience is Graph.
        string[] scopes = graphScopes.Split(' ');
        var result = await idClient.AcquireTokenByAuthorizationCode(
            scopes, notification.Code).ExecuteAsync();
        message = "Access token retrieved.";
        debug = result.AccessToken;
    }
    catch (MsalException ex)
    {
        message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
        debug = ex.Message;
    }

    notification.HandleResponse();
    // Demo only: this puts the raw access token into a query string, where it
    // ends up in browser history and server logs. Keep it out of URLs in real code.
    notification.Response.Redirect($"/Home/Error?message={message}&debug={debug}");
}
var graphClient = new GraphServiceClient(
    new DelegateAuthenticationProvider(
        (requestMessage) =>
        {
            // accessToken is the Graph token acquired above, not the login ID token.
            requestMessage.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", accessToken);
            return Task.CompletedTask;
        }));

var results = await graphClient.Me.MemberOf.Request().GetAsync();
// memberOf returns DirectoryObject items; only some are groups (others can be
// directory roles), so filter by type. GetAsync() returns one page; use
// results.NextPageRequest to fetch further pages when a user has many memberships.
var groupNames = new Dictionary<string, string>();
foreach (var directoryObject in results)
{
    if (directoryObject is Group group)
    {
        groupNames[group.Id] = group.DisplayName;
    }
}
For more details about how to develop the application, please refer to the document.
Upvotes: 1
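The answer's loop does its filtering on the SDK's typed objects. As an added example, not code from the answer or from Microsoft, the same processing is shown here against the raw REST response of GET /v1.0/me/memberOf: keep only entries whose @odata.type is #microsoft.graph.group, follow @odata.nextLink until all pages are read, then map the object IDs from the token's groups claim to display names. The Graph URL and the @odata.type values are real; the two response pages, every ID and every group name are constructed, and the fetch_sample function stands in for the HTTP call so the script runs offline. make_graph_fetcher shows the equivalent live call with urllib.

```python
import json
import urllib.request
from typing import Callable, Dict, Iterable, Optional

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
GROUP_TYPE = "#microsoft.graph.group"

# Constructed sample of GET /me/memberOf split over two pages so that
# @odata.nextLink handling is exercised. Every ID and name here is made up.
PAGE_1_URL = f"{GRAPH_BASE}/me/memberOf"
PAGE_2_URL = f"{PAGE_1_URL}?$skiptoken=EXAMPLE_SKIPTOKEN"
SAMPLE_PAGES = {
    PAGE_1_URL: {
        "@odata.nextLink": PAGE_2_URL,
        "value": [
            {"@odata.type": "#microsoft.graph.group",
             "id": "aaaaaaaa-0000-0000-0000-000000000001", "displayName": "Finance"},
            # Directory roles come back from memberOf too; they are not groups.
            {"@odata.type": "#microsoft.graph.directoryRole",
             "id": "bbbbbbbb-0000-0000-0000-000000000001", "displayName": "Global Reader"},
        ],
    },
    PAGE_2_URL: {
        "value": [
            {"@odata.type": "#microsoft.graph.group",
             "id": "aaaaaaaa-0000-0000-0000-000000000002", "displayName": "Engineering"},
        ],
    },
}


def fetch_sample(url: str) -> dict:
    """Offline stand-in for an HTTP GET against the constructed pages above."""
    return SAMPLE_PAGES[url]


def make_graph_fetcher(access_token: str) -> Callable[[str], dict]:
    """Return a fetch function that calls Graph with a Graph-audience bearer token."""
    def fetch(url: str) -> dict:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch


def list_groups(fetch: Callable[[str], dict], url: str = PAGE_1_URL,
                max_pages: int = 100) -> Dict[str, str]:
    """Walk all pages of /me/memberOf and return {group object ID: displayName}.

    Only objects typed as groups are kept; directoryRole and other directory
    objects that memberOf also returns are skipped. max_pages bounds the walk
    so a malformed or looping nextLink cannot run forever.
    """
    groups: Dict[str, str] = {}
    for _ in range(max_pages):
        page = fetch(url)
        for obj in page.get("value", []):
            if obj.get("@odata.type") == GROUP_TYPE:
                groups[obj["id"]] = obj.get("displayName", "")
        url = page.get("@odata.nextLink")
        if not url:
            break
    return groups


def resolve_token_groups(group_ids: Iterable[str],
                         groups: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map the object IDs from the token's 'groups' claim to names from Graph.

    An ID that Graph did not return (for example a group the caller is not
    permitted to read) maps to None rather than being silently dropped.
    """
    return {gid: groups.get(gid) for gid in group_ids}


if __name__ == "__main__":
    names = list_groups(fetch_sample)
    token_group_ids = ["aaaaaaaa-0000-0000-0000-000000000001",
                       "cccccccc-0000-0000-0000-000000000099"]
    print(json.dumps(resolve_token_groups(token_group_ids, names), indent=2))
```

To run it against a tenant, replace fetch_sample with make_graph_fetcher(access_token), where access_token is the Graph token from the authorization-code step, not the login ID token.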