How to get/set custom Azure Active Directory B2C user attributes in ASP.NET MVC?

I have added a custom Organization field as a User Attribute in my Azure Active Directory B2C tenant, like so:

I am using the Microsoft Graph .NET Client Library to manage users in Azure Active Directory B2C and would like to use something similar to the following code to set the user's custom Organization field and the user's built-in Email Addresses field.

await graphClient.Users[user.Id].Request().UpdateAsync(new User()
{
    Email Addresses = new StringCollection("myemail@mydomain.com"),
    Organization = "Microsoft"
});

Two questions:

  1. How do I set a Built-in field, like the Email Addresses?
  2. How do I set a Custom field, like Organization?

This documentation shows how to create a custom attribute but does not tell how to access or use that attribute using the Graph Client.

This documentation shows how to create custom attributes and edit the Relying Party (RP) file.

Is there an easier way? And what is the graphClient code to then get/set these custom user attributes?

It is a bit confusing about whether the Microsoft Graph API, and hence the Microsoft Graph Client, supports the extension properties that are registered with an Azure AD B2C tenant.

When I query a user object using the Azure AD Graph API, then the custom attributes (e.g. "CreatedTime") are returned.

https://graph.windows.net/{tenant}/users/{objectId}

returns:

{
    "odata.metadata": "https://graph.windows.net/{tenant}/$metadata#directoryObjects/Microsoft.DirectoryServices.User/@Element",
    "odata.type": "Microsoft.DirectoryServices.User",
    "objectType": "User",
    ...
    "extension_917ef9adff534c858b0a683b6e6ec0f3_CreatedTime": 1518602039
}

When I query the same object using the Microsoft Graph API, then the custom attributes aren't returned.

https://graph.microsoft.com/v1.0/users/{id}/extensions

returns:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('{id}')/extensions",
    "value": []
}

Unless you receive a better answer, then I suggest you use the Azure AD Graph API, and optionally the Azure AD Graph Client, to get and set the extension properties for the Azure AD B2C users.

Examples of getting and setting the extension properties for users can be found at Announcing Azure AD Graph API Client Library 2.0.

You are able to do this with the Microsoft Graph API SDK.

See this example, UserService.CreateUserWithCustomAttribute(): https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/4-WebApp-your-API/4-2-B2C

To update a custom property:

var updateUser = new User();
updateUser.AdditionalData = new Dictionary<string, object>();
updateUser.AdditionalData["extension_{app id}_{property name}"] = "new value";

var result = await graphClient.Users["{id}"].Request().UpdateAsync(updateUser);

The {app id} in the code above is the id of the app created by default with the name "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data." However, the "-" are all removed.

In addition to Aaron Hoffman's answer on how to set a custom attribute I use the following snippet to get my attribute:

var graphClient = new GraphServiceClient(authenticationProvider)
{
    BaseUrl = "https://graph.microsoft.com/beta"
};
var user = await graphClient
    .Users["{id}"]
    .Request()
    .GetAsync();
var field = user.AdditionalData["extension_{app id}_{property name}"];

So the first step is to find in your custom policy:

<TechnicalProfile Id="AAD-Common">...<Item Key="ClientId">57ff56e7-40a0-43fd-a9a3-8d6c1544bcf4a</Item>

Custom attributes are named extension_attributename. To get it through graphql you will require it like this: extension_{client id of the app, NO DASHES, responsible for storing extensions}_{attributename}, e.g. extension_57ff56e740a043fda9a38d6c1544bcf4a_mycoolattribute. As you can see, this is also done in the code: https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management/blob/master/src/Helpers/B2cCustomAttributeHelper.cs#L7-L20

Example for a graph call:

https://graph.microsoft.com/v1.0/users/3545c38b-3f6b-4a4b-8820-e7f954a86e1e?$select=extension_57ff56e740a043fda9a38d6c1544bcf4a_mycoolattribute

https://graph.microsoft.com/v1.0/users/{user-objectid}?$select=extension_57ff56e740a043fda9a38d6c1544bcf4a_mycoolattribute,extension_57ff56e740a043fda9a38d6c1544bcf4a_myotherattribute,etc
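
The naming rule from the answers above (extension_{app id without dashes}_{attribute name}) and the $select URL, as an added example that is not code from any of the posts or from the linked samples. The class name B2cExtensionName, its methods and every id below are assumptions constructed for illustration; the name check keeps caller-supplied text from adding extra query options to the URL.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Text.RegularExpressions;

// Hypothetical helper, not part of the Microsoft Graph SDK.
static class B2cExtensionName
{
    // Letters, digits and underscores only; \z (not $) so a trailing newline is rejected too.
    static readonly Regex SafeName = new Regex(@"^[A-Za-z][A-Za-z0-9_]*\z");

    public static string For(string extensionsAppClientId, string attributeName)
    {
        // Guid.Parse rejects mistyped ids; "N" formats as 32 hex digits with no dashes.
        string appId = Guid.Parse(extensionsAppClientId).ToString("N");
        if (!SafeName.IsMatch(attributeName))
            throw new ArgumentException("unexpected attribute name", nameof(attributeName));
        return $"extension_{appId}_{attributeName}";
    }

    // Takes a Guid for the user so the path segment cannot carry anything but an object id.
    public static string SelectUrl(Guid userObjectId, IEnumerable<string> fullNames) =>
        $"https://graph.microsoft.com/v1.0/users/{userObjectId:D}?$select={string.Join(",", fullNames)}";
}

static class Demo
{
    static void Main()
    {
        // Constructed sample values, not taken from a real tenant.
        const string clientId = "11111111-2222-3333-4444-555555555555";
        Guid userId = Guid.Parse("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee");

        string org = B2cExtensionName.For(clientId, "Organization");
        Console.WriteLine(B2cExtensionName.SelectUrl(userId, new[] { org }));

        // Constructed response body in the shape of a user object with one extension property.
        string body = "{\"id\":\"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\"," +
                      "\"extension_11111111222233334444555555555555_Organization\":\"Microsoft\"}";
        using JsonDocument doc = JsonDocument.Parse(body);

        // Handle the property being absent rather than assuming it is always returned.
        Console.WriteLine(doc.RootElement.TryGetProperty(org, out JsonElement value)
            ? $"{org} = {value.GetString()}"
            : $"{org} not present");
    }
}
```

The same full name is the key to use in User.AdditionalData when updating or reading the attribute through the Graph client, as in the snippets above.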
