How to get users info list from Azure AD app by calling Microsoft Graph API from ASP.NET Core Web API?
I have written this code - this API is supposed to return user's information list of my Azure AD app (has delegated permission - User.ReadBasic.All). I have done settings for
"TenantId": "","ClientId": "" & "ClientSecret": ""
in appsettings.json file. But I am getting an "401 Unauthorized" error even if I sent the request with token from Postman.
namespace WebApplication4.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class UsersController : ControllerBase
{
private readonly ITokenAcquisition _tokenAcquisition;
public UsersController(ITokenAcquisition tokenAcquisition)
{
_tokenAcquisition = tokenAcquisition;
}
[HttpGet]
public async Task<IActionResult> GetUsers()
{
try
{
// Acquire the access token for Microsoft Graph
var token = await _tokenAcquisition.GetAccessTokenForUserAsync(new[] { "User.ReadBasic.All", "User.Read" });
// Create the GraphServiceClient with an authentication provider
var graphClient = new GraphServiceClient(new AuthProvider(token));
var usersRequestBuilder = graphClient.Users;
var users = await usersRequestBuilder
.GetAsync(requestConfiguration: request =>
{
request.QueryParameters.Select = new[] { "displayName", "userType", "mail" };
});
return Ok(users);
}
catch (Exception ex)
{
return StatusCode(StatusCodes.Status500InternalServerError, "An error occurred while fetching users.");
}
}
private class AuthProvider : IAuthenticationProvider
{
private readonly string _token;
public AuthProvider(string token)
{
_token = token;
}
public async Task AuthenticateRequestAsync(RequestInformation request, Dictionary<string, object>? additionalAuthenticationContext = null, CancellationToken cancellationToken = default)
{
// Set the Authorization header
request.Headers.Add("Authorization", $"Bearer {_token}");
await Task.CompletedTask;
}
}
}
}
I am attaching the image - This is how I've added token in request header.
I am also getting the correct token. But when I am sending the get request I am getting 401 Unauthorized. Instead I want the user info.
What am I doing wrong?
Solution
The error you are facing is due to not configuring the Scope in the appsettings.json.
I added the Scope as access_as_user in the Azuree AD app as shown below.
appsettings.json :
{
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"TenantId": "<tenantID>",
"ClientId": "<clientID>",
"Scopes": "access_as_user"
},
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"MicrosoftGraph": {
"BaseUrl": "https://graph.microsoft.com/v1.0"
}
}
Below is the complete ASP.NET Web API code to authenticate and get a list of user information from an Azure AD app by calling the Microsoft Graph API.
UsersController.cs :
using Microsoft.AspNetCore.Mvc;
using Microsoft.Graph;
using Microsoft.Identity.Web;
using System.Net.Http.Headers;
namespace WebApplication5.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class UsersController : ControllerBase
{
private readonly ITokenAcquisition _tokenAcquisition;
private readonly ILogger<UsersController> _logger;
public UsersController(ITokenAcquisition tokenAcquisition, ILogger<UsersController> logger)
{
_tokenAcquisition = tokenAcquisition;
_logger = logger;
}
[HttpGet]
public async Task<IActionResult> GetUsers()
{
try
{
var token = await _tokenAcquisition.GetAccessTokenForUserAsync(new[] { "User.ReadBasic.All", "User.Read" });
var graphClient = new GraphServiceClient(new AuthProvider(token));
var users = await graphClient.Users
.Request()
.Select(u => new { u.DisplayName, u.UserType, u.Mail })
.GetAsync();
return Ok(users);
}
catch (Exception ex)
{
_logger.LogError(ex, "An error occurred while fetching users.");
return StatusCode(StatusCodes.Status500InternalServerError, "An error occurred while fetching users.");
}
}
private class AuthProvider : IAuthenticationProvider
{
private readonly string _token;
public AuthProvider(string token)
{
_token = token;
}
public async Task AuthenticateRequestAsync(HttpRequestMessage request)
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _token);
await Task.CompletedTask;
}
}
}
}
Program.cs :
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"))
.EnableTokenAcquisitionToCallDownstreamApi()
.AddMicrosoftGraph(builder.Configuration.GetSection("MicrosoftGraph"))
.AddInMemoryTokenCaches();
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
I granted admin consent for User.ReadBasic.All and User.Read as shown below.
Postman Output :
In Postman, I configured the Authorization header with the following values.
Make sure to add the Scope as below in the Postman.
Scope : api://<clientID>/access_as_user
I added the below callback URL from Postman to the Azure AD app's Authentication settings as a Web URI.
https://oauth.pstmn.io/v1/callback
I successfully retrieved the user information list from the Azure AD app by calling the Microsoft Graph API in Postman, as shown below.
- Replacing service layer with MediatR - is it worth to do it?
- ASP.NET Core MVC filter analogue for gRPC service
- Why is using custom routes returning a 404 in my Razor Pages application?
- Why Http Post in Orchard Core asp net core Web App returns bad request
- Property Injection in ASP.NET Core
- How to force ASP.NET Core source code to not be optimized
- Is there any way to load a single page at a time using Blazor WebAssembly
- This localhost page can’t be found - No webpage was found for the web address.- ASP.NET Core
- log4net:ERROR ConfigureFromXml called with null 'element' parameter for Postgres SQL
- ASP.Net Core Background Service with Task Queue, does it need a Task.Delay?
- Input number does not respect step
- How to customize localization provider (.resx to database) in Razor Pages
- How to get user information in DbContext using Net Core
- Application Insights does not capture information level logging
- How to best add the Last-Modified header in asp .net middleware
- What is the correct way to get data for an EditForm using EF Core, with or without tracking?
- Why my properties in my blazor wasm always become null when i submit the form
- Blazor two way binding and on value changed event in the parent
- How to search for users in Active Directory from ASP.NET Core
- The framework 'Microsoft.NETCore.App', version '5' was not found while Microsoft.NETCore.App 5.0.0 is found
- ILoggingBuilder AddEventLog Linux compatibility
- Getting duplicates when saving an item with two fields in a many-to-many relationship
- Filter Serilog logs to different sinks depending on context source?
- ASP.NET Core log-in not redirecting me to home page
- ASP.NET Core 6 : The best way to list a group of numbers in a string?
- Error when using implementations with different constraints in C# dependency injection
- Azure Storage Account StorageSharedKeyCredential
- ASP.NET Core 6 Web API : custom authentication handler and Angular HttpInterceptor [receive Status code =0 for 401 Unauthorized Response]
- Blazor Web App NavigationManager in Client -> Exception_WasThrown
- How to return JSON result in ASP.NET Core 8 project