Azure ActiveDirectory Graph API GraphClient does not return AD groups

I want to get user group information from Azure AD.

I am using the following Graph API packages for this:

  • Microsoft.Azure.ActiveDirectory.GraphClient
  • Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810

I can successfully get user information from the Azure Graph API.

But when I run this method to retrieve user groups, Fiddler shows a successful HTTP 200 response with a JSON fragment containing group information; however, the method itself does not return the IEnumerable.

IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();

The code does not seem to return from this asynchronous request.

The result is a blank page, while the authentication pipeline is stuck.

Full code

public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (!incomingPrincipal.Identity.IsAuthenticated == true &&
            _authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name))
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        _authorizationService.AddClaimsToIdentity(((ClaimsIdentity) incomingPrincipal.Identity));

        Claim tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim);

        if (tenantClaim == null)
        {
            throw new NotSupportedException("Tenant claim not available, role authentication is not supported");
        }

        string tenantId = tenantClaim.Value;
        string authority = String.Format(CultureInfo.InvariantCulture, _aadInstance, _tenant);
        Uri servicePointUri = new Uri("https://graph.windows.net");
        ClientCredential clientCredential = new ClientCredential(_clientId, _password);

        AuthenticationContext authContext = new AuthenticationContext(authority, true);
        AuthenticationResult result = authContext.AcquireToken(servicePointUri.ToString(), clientCredential);
        Token = result.AccessToken;

        ActiveDirectoryClient activeDirectoryClient =
            new ActiveDirectoryClient(new Uri(servicePointUri, tenantId),
                async () => await AcquireTokenAsync());

        IUser user = activeDirectoryClient
            .Users
            .Where(x => x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name))
            .ExecuteAsync()
            .Result
            .CurrentPage
            .ToList()
            .FirstOrDefault();

        if (user == null)
        {
            throw new NotSupportedException("Unknown User.");
        }

        IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();

        return incomingPrincipal;
    }

https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet

        IUserFetcher retrievedUserFetcher = (User) user;
        // MemberOf returns the directory objects (groups and roles) the user belongs to.
        IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
        do {
            List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
            foreach (IDirectoryObject directoryObject in directoryObjects) {
                if (directoryObject is Group) {
                    Group group = directoryObject as Group;
                    // Expose each group as a role claim on the incoming identity.
                    ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
                        new Claim(ClaimTypes.Role, group.DisplayName, ClaimValueTypes.String, "GRAPH"));
                }
            }
            pagedCollection = pagedCollection.GetNextPageAsync().Result;
            // Loop on null only: also testing MorePagesAvailable here would skip
            // the final page, so groups listed on it would get no role claim.
        } while (pagedCollection != null);

IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList() , IEnumerable<string>.

IEnumerable<string> groups = await user.GetMemberGroupsAsync(false); 

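An added example (not code from either answer or from the Microsoft sample) showing one way to collect the user's groups from a synchronous `Authenticate` override without blocking on `.Result` on the request thread, which is what hangs under the ASP.NET synchronization context. The class and method names are hypothetical, and filtering on `SecurityEnabled` and using `ObjectId` instead of `DisplayName` as the role value are choices made by this example.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Azure.ActiveDirectory.GraphClient;
using Microsoft.Azure.ActiveDirectory.GraphClient.Extensions;

// Hypothetical helper class, not part of the GraphClient library.
public static class GraphGroupClaims
{
    // Walks every page of the user's MemberOf collection asynchronously.
    public static async Task<List<Group>> GetGroupsAsync(IUser user)
    {
        var groups = new List<Group>();
        IPagedCollection<IDirectoryObject> page =
            await ((IUserFetcher)user).MemberOf.ExecuteAsync().ConfigureAwait(false);

        while (page != null)
        {
            // Keep security groups only; distribution lists should not grant roles.
            groups.AddRange(page.CurrentPage.OfType<Group>()
                .Where(g => g.SecurityEnabled == true));
            // Assumption: GetNextPageAsync() yields null after the last page,
            // as the null check in the answer above also presumes.
            page = await page.GetNextPageAsync().ConfigureAwait(false);
        }
        return groups;
    }

    // For synchronous callers such as ClaimsAuthenticationManager.Authenticate.
    // Task.Run moves the work to a thread-pool thread that has no ASP.NET
    // SynchronizationContext, so waiting for the result cannot deadlock.
    public static void AddGroupClaims(ClaimsIdentity identity, IUser user)
    {
        List<Group> groups = Task.Run(() => GetGroupsAsync(user)).GetAwaiter().GetResult();
        foreach (Group group in groups)
        {
            // ObjectId is unique and stable; DisplayName can be renamed or duplicated.
            identity.AddClaim(new Claim(ClaimTypes.Role, group.ObjectId,
                ClaimValueTypes.String, "GRAPH"));
        }
    }
}
```

Authorization checks that consume these claims then compare against group object IDs rather than display names.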

Source: https://habr.com/ru/post/1569147/

