Reputation: 5395
I created a new Blazor application with Azure AD authentication. Login functionality works as expected. Now I need to retrieve a list of users of a particular group. On Azure AD, I created a Client Secret. Also, I added Microsoft.Graph permissions Directory.Read.All, Group.Read.All, and GroupMember.Read.All, and granted admin consent for the permissions.
Here are the permissions:
Here is the code I use to retrieve the users of a group:

    var scopes = new string[] { "https://graph.microsoft.com/.default" };
    var confidentialClient = ConfidentialClientApplicationBuilder
        .Create(_adSettings.ClientId)
        .WithAuthority($"{_adSettings.Instance}/{_adSettings.TenantId}/ v2.0")
        .WithClientSecret(_adSettings.ClientSecret)
        .Build();
    GraphServiceClient graphServiceClient = new GraphServiceClient(new DelegateAuthenticationProvider(async (requestMessage) => {
        // Retrieve an access token for Microsoft Graph (gets a fresh token if needed).
        var authResult = await confidentialClient.AcquireTokenForClient(scopes).ExecuteAsync();
        // Add the access token in the Authorization header of the API
        requestMessage.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
    }));
    var members = await graphServiceClient.Groups["[email protected]"]
        .Members
        .Request()
        .GetAsync();

The last statement throws an exception:
An error occurred sending the request. HttpStatusCode: 404: NotFound
I tried to replace it with

    var users = await graphServiceClient.Users.Request().GetAsync();

But the result was the same.
Upvotes: 1
Views: 306
Reputation: 12153
You should specify your group object ID instead of the group name:
UPDATE:
This is C# console app code for this test; hope it helps:

    using Microsoft.Graph;
    using Microsoft.Graph.Auth;
    using Microsoft.Identity.Client;
    using System;

    namespace graphsdktest
    {
        class Program
        {
            static void Main(string[] args)
            {
                var clientId = "<Azure AD App ID>";
                var clientSecret = "<App secret>";
                var tenantID = "<tenant ID>";

                // App-only (client credentials) confidential client for the tenant.
                IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
                    .Create(clientId)
                    .WithTenantId(tenantID)
                    .WithClientSecret(clientSecret)
                    .Build();
                ClientCredentialProvider authenticationProvider = new ClientCredentialProvider(confidentialClientApplication);
                var graphClient = new GraphServiceClient(authenticationProvider);

                // The indexer takes the group's object ID, not its name.
                var result = graphClient.Groups["<group ID>"].Members.Request().GetAsync().GetAwaiter().GetResult();
                foreach (var user in result) {
                    Console.WriteLine(user.Id);
                }
            }
        }
    }

UPDATE 2:
If you get a permission exception while you query the members of a group, please go to Azure AD => App registrations => find your app => API permissions => Add a permission => Microsoft Graph API => Application permission => GroupMember.Read.All.
And click this button to finish the grant process:
Upvotes: 1
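Added example, not part of the question or the answer above: when only the group's mail address is known, it can be resolved to the object ID with a filtered query before listing members, with the input escaped for the OData filter and the member list read page by page. The class and method names (`GroupMemberLookup`, `GetMemberIdsAsync`) and the `<group mail address>` placeholder are hypothetical, and it assumes the same `Request()`-style Graph SDK and `Microsoft.Graph.Auth` package the answer uses.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;

static class GroupMemberLookup   // hypothetical helper, not from the original posts
{
    // Resolves a group's mail address to its object ID, then returns all member IDs.
    public static async Task<List<string>> GetMemberIdsAsync(GraphServiceClient graph, string groupMail)
    {
        // OData string literals escape a single quote by doubling it; without this,
        // a quote in the input would change the filter expression.
        var literal = groupMail.Replace("'", "''");
        var groups = await graph.Groups.Request()
            .Filter($"mail eq '{literal}'")
            .Select("id,displayName")
            .GetAsync();

        // Refuse to guess: zero or several matches means the caller's input is ambiguous.
        if (groups.Count != 1)
            throw new InvalidOperationException($"Expected exactly one group, found {groups.Count}.");

        var ids = new List<string>();
        var page = await graph.Groups[groups[0].Id].Members.Request().GetAsync();
        while (page != null)
        {
            foreach (var member in page)
                ids.Add(member.Id);
            // Members come back in pages; NextPageRequest is null on the last page.
            page = page.NextPageRequest != null ? await page.NextPageRequest.GetAsync() : null;
        }
        return ids;
    }

    static async Task Main()
    {
        var app = ConfidentialClientApplicationBuilder
            .Create("<Azure AD App ID>")
            .WithTenantId("<tenant ID>")
            .WithClientSecret("<App secret>")
            .Build();
        var graph = new GraphServiceClient(new ClientCredentialProvider(app));
        foreach (var id in await GetMemberIdsAsync(graph, "<group mail address>"))
            Console.WriteLine(id);
    }
}
```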