Last post Apr 13, 2020 11:25 PM by progdever
Mar 12, 2020 04:31 PM|progdever|LINK
I need to read a few extension attributes in Azure AD using ASP.NET MVC Core. I am able to read the name (@User.Identity.Name) and a few others, but not the extension attributes.
Is there any way I can query these attributes? I need to check this value and allow authorization to a view based on the value.
Mar 13, 2020 02:19 AM|Brando ZWZ|LINK
If you want to check the user's extension information, you should use Microsoft Graph to achieve your requirement. You could use the Graph library directly; for more details about how to use it, you could refer to the article below.
Besides, I suggest you could also use the Microsoft Graph API v1.0 to achieve your requirement: you could get the user's access token and send it to the Microsoft Graph API to get the user extension.
For more details about how to do it, you could refer to this article.
Mar 13, 2020 04:33 PM|progdever|LINK
Thanks for this. Can you give me some sample code?
Mar 17, 2020 02:49 AM|Brando ZWZ|LINK
Here is a Microsoft Graph Connect Sample for ASP.NET Core 2.1 demo.
This demo uses ASP.NET Core 2.1 MVC to connect to Microsoft Graph using the delegated permissions flow to retrieve a user's profile and their photo from the Azure AD (v2.0) endpoint, and then send an email that contains the photo as an attachment.
Notice: You need to register your application in AAD yourself by following the
Mar 17, 2020 09:11 PM|progdever|LINK
Thanks. I followed this through and when running I am getting this error:
OpenIdConnectProtocolException: Message contains error: 'unsupported_response_type', error_description: 'AADSTS700054: response_type 'id_token' is not enabled for the application.
Trace ID: 435cefa6-e646-47a9-ab60-7b9c11fa3500
Correlation ID: cf087710-4937-424f-90fe-770393751eab
Mar 18, 2020 02:09 AM|Brando ZWZ|LINK
I guess you may not have enabled 'id_token' for the application. You need to open the Azure portal, locate AAD --> App registration --> select your registered app --> Authentication, and enable the ID token.
Mar 18, 2020 10:59 PM|progdever|LINK
Thanks, but I did enable the implicit ID Tokens. This is the error:
OpenIdConnectProtocolException: Message contains error: 'unsupported_response_type', error_description: 'AADSTS700054: response_type
Mar 18, 2020 11:07 PM|progdever|LINK
Actually this is the new error:
MsalServiceException: AADSTS50194: Application 'dea19b3a-7c1e-4a2d-a508-1f52c492450b'(SMT-Graph-3-18) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'.
Use a tenant-specific endpoint or configure the application to be multi-tenant.
Apr 13, 2020 11:25 PM|progdever|LINK
I ended up solving this using MSAL and OpenID Connect and using Graph API later.
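Added example, not code from any post in this thread: one way to make the authorization decision the original question asks about, by calling the Microsoft Graph v1.0 /me endpoint with the signed-in user's delegated access token and failing closed on any error. It assumes the attributes in question are the user's onPremisesExtensionAttributes (extensionAttribute1 to extensionAttribute15), that the token was already acquired for Graph (for example with MSAL against a tenant-specific authority), and .NET Core 3.0 or later; the class and method names are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

public static class ExtensionAttributeCheck
{
    // Ask Graph only for the property needed, not the whole user profile.
    private const string MeUrl =
        "https://graph.microsoft.com/v1.0/me?$select=onPremisesExtensionAttributes";

    // Pure parsing step: returns the attribute value, or null if it is absent or JSON null.
    public static string ReadAttribute(string graphJson, string attributeName)
    {
        using JsonDocument doc = JsonDocument.Parse(graphJson);
        if (doc.RootElement.TryGetProperty("onPremisesExtensionAttributes", out JsonElement attrs)
            && attrs.ValueKind == JsonValueKind.Object
            && attrs.TryGetProperty(attributeName, out JsonElement value)
            && value.ValueKind == JsonValueKind.String)
        {
            return value.GetString();
        }
        return null;
    }

    // True only when Graph answers successfully and the attribute matches exactly.
    public static async Task<bool> IsAllowedAsync(
        HttpClient http, string accessToken, string attributeName, string requiredValue)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, MeUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        using HttpResponseMessage response = await http.SendAsync(request);
        if (!response.IsSuccessStatusCode)
        {
            return false; // fail closed on 401/403/429/5xx instead of granting access
        }

        string body = await response.Content.ReadAsStringAsync();
        string actual = ReadAttribute(body, attributeName);

        // Ordinal comparison: no culture rules or case folding in an access decision.
        return actual != null && string.Equals(actual, requiredValue, StringComparison.Ordinal);
    }
}
```

The result can back a custom authorization requirement or be checked in the controller action before returning the view; hiding the link in Razor alone does not protect the action.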