通过电子邮件地址查找用户

Question

I'm trying find out if an email address is already taken in my Azure AD B2C directory.

var token = await this.GetTokenAsync();

var client = new HttpClient();

var id = HttpUtility.UrlEncode("adrian_mydomain.com#EXT#@xxxxxxxxx.onmicrosoft.com");
////var id = HttpUtility.UrlEncode("adrian@mydomain.com"); // This also fails.
////var id = HttpUtility.UrlEncode("adrian_mydomain.com#EXT#"); // This also fails.
////var id = "xxxx-xxxx-xxxxxxxx-xxxxxxxxxx"; // This also fails (user object id).

var resource = $"{this.graphConfig.GraphUri}/{this.graphConfig.Tenant}/users/{id}?api-version=1.6";
//// This line below works, it returns all the users, so I do know the token is good and the resource URI is valid, etc.
////var resource = $"{this.graphConfig.GraphUri}/{this.graphConfig.Tenant}/users?api-version=1.6";

var request = new HttpRequestMessage(HttpMethod.Get, resource);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

var response = await client.SendAsync(request);
var content = await response.Content.ReadAsStringAsync();

I'm encoding my email address in the same way that I see my email address encoded when I get all users. I have a feeling I'm close, if it is even possible to query by email address.

Currently all the things I've tried either return a 400 or a 404. Does anyone know if there is a way to query by email address (sign in name)?

EDIT

On a similar theme, I'm also trying a query to change a user's password to no avail. I figure if I can get the query working for one, I can get it working on the other.

Answer 1

Since it is a odata, you can query using odata syntax. Odata syntax here

var queryString = HttpUtility.ParseQueryString(string.Empty);
queryString["api-version"] = "1.6";
queryString["$filter"] = "signInNames/any(x:x/value eq 'paule@test.in')";

string url = "https://graph.windows.net/" + tenant + "/users"+ "?" + queryString;

$filter did the trick

queryString["$filter"] = "signInNames/any(x:x/value eq 'paule@test.co.uk')";

Answer 2

Take a look at the B2C.exe implementation, first get that working: https://azure.microsoft.com/nl-nl/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/

You will notice that the user is referenced by GUID or by UPN , not by email! Emails are in the collection signInNames

To query on email address, you will need to specify a filter: https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/users-operations#GetUsers

Start with the GetUsers(to get all users), then update password and last the filter.

Answer 3

signInNames isn't the only place that emails are stored. It could also be userPrincipalName or otherMails. You'll want to use the following query to search all possible fields for an email.

/users?api-version=1.6&$filter=otherMails/any(x:x eq '{email}') or userPrincipalName eq '{email}' or signInNames/any(x:x/value eq '{email}')

Answer 4

I'm also trying to find a user by their login/email address.

Here's my (obfuscated XXXX) query string:

"https://graph.windows.net/XXXX.onmicrosoft.com/users?api-version=1.6&$filter=signInNames/any(x: x/value eq 'dd.rrr@XXXX.com')"

It doesn't error, but doesn't find the user (whom I know to exist, because GetAllUsers finds it).

However, looking at the user details, I can see:

"showInAddressList": null,
"signInNames": [],
"sipProxyAddress": null,

Could this be a clue as to why search doesn't work?

How can a user NOT have a signInName ?