Azure AD - 通过图形服务或声明获取组 AD 名称

Question

I'm trying to get the names of Group Azure AD, Inside token after Azure Login (openId) I receive group IDs in json But I need Groups names.

Json after login:

Claims

trying to use GraphService At Azure portal, create a secret key but when I put these key in AuthenticationHeaderValue my code brokes.

Portal Azure Add Key

var graphServiceClientGr = new GraphServiceClient(new DelegateAuthenticationProvider((requestMessage) => {
                requestMessage
                    .Headers
                    .Authorization = new AuthenticationHeaderValue("Bearer", token);

                return Task.FromResult(0);
            }));

My var "token" is the same token which i receive after login, and which have claims inside.

At inner exception i receive:

"Access token validation failure. Invalid audience"

Exception

What are the correct parameter i should to put in authentication?

AFter these invocation How i receive the name of GROUP? Any suggestions to do that? I don't need role applications Names because i need group AD Names

I think to try with the next line, but i don't know if inside these object I receive names of groups.

In these line, i expect to receive name of groups of these user, who correspon to these login token Groups

or with these line:

grapServiceClient.Me

Answer 1

According to my research, if we configure Groups claim for the Azure AD application, it will just return the ObjectID of groups which the user used to login contains in the group claim value and on-premises group attributes. It cannot return group name. For more details, please refer to the document .

So if we want to get the groups name, we can use Microsoft Graph API to get it. But the api will return directory object and group object. So we need to do some process. For example 1. Register Azure AD application

2. Configure API permissions

3. Update web.config

<appSettings>
    <add key="ida:AppID" value="YOUR APP ID" />
    <add key="ida:AppSecret" value="YOUR APP PASSWORD" />
    <add key="ida:RedirectUri" value="https://localhost:PORT/" />
    <add key="ida:AppScopes" value="User.Read Directory.ReadWrite.All Directory.AccessAsUser.All />
</appSettings>

4. Add the follwoing code to ```Startup.cs

private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedNotification notification)
        {
            var idClient = ConfidentialClientApplicationBuilder.Create(appId)
                .WithRedirectUri(redirectUri)
                .WithClientSecret(appSecret)
                .Build();

            string message;
            string debug;

            try
            {
                string[] scopes = graphScopes.Split(' ');

                var result = await idClient.AcquireTokenByAuthorizationCode(
                    scopes, notification.Code).ExecuteAsync();

                message = "Access token retrieved.";
                debug = result.AccessToken;
            }
            catch (MsalException ex)
            {
                message = "AcquireTokenByAuthorizationCodeAsync threw an exception";
                debug = ex.Message;
            }

            notification.HandleResponse();
            notification.Response.Redirect($"/Home/Error?message={message}&debug={debug}");
        }

5. Call the graph api

            var graphClient = new GraphServiceClient(
                new DelegateAuthenticationProvider(
                    async (requestMessage) =>
                    {
                        requestMessage.Headers.Authorization =
                            new AuthenticationHeaderValue("Bearer", accessToken);
                    }));
            var results = await graphClient.Me.MemberOf.Request().GetAsync();
            var lists = results.ToList();
            Group group;
            foreach (var a in lists) {

                if (a.GetType() == typeof(Group)) {

                    group = a as Group;
                    var groupId=group.Id;
                    var groupName=group.DisplayName;


                }


            }

For more details about how to develop the application, please refer to the document .