I am trying to fetch a user from a tenant by email. It works when getting some users, but doesn't work when getting a particular user who happens to have a '+' in the email address. I am not sure if that character is the problem or if it's something else. The query below always returns null for that user. My question is, how do I figure out why it's returning null when the user is obviously there for that particular user? I checked Audit Logs in the AD B2C tenant, but they only show logins or deletions. Where can I check what happened with the Graph API call? Second question, why would it do this? The user is obviously there!

    using System;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.Graph;
    using Microsoft.Graph.Auth;
    using Microsoft.Identity.Client;

    // Builds a Graph client that authenticates with the app's client secret
    // (client credentials flow).
    public static GraphServiceClient GetGraphServiceClient()
    {
        var clientapp = ConfidentialClientApplicationBuilder
            .Create(Globals.ClientId)
            .WithTenantId(Globals.TenantId)
            .WithClientSecret(Globals.ClientSecret)
            .Build();
        ClientCredentialProvider authProvider = new ClientCredentialProvider(clientapp);
        return new GraphServiceClient(authProvider);
    }

    // Looks up a B2C user by sign-in email; returns null if not found or on error.
    public static async Task<User> GetADUserAsyncByEmail(string email)
    {
        var graphClient = GetGraphServiceClient();
        try
        {
            Logger.Log(LogLevel.Trace, $"Contacting AD tenant {Globals.Tenant} for user {email}.");
            // The email is interpolated into the filter as-is (not encoded).
            var users = await graphClient.Users
                .Request()
                .Filter($"identities/any(c:c/issuerAssignedId eq '{email}' and c/issuer eq '{Globals.Tenant}')")
                .Select("displayName,id,userPrincipalName")
                .GetAsync();
            Logger.Log(LogLevel.Trace, $"Finished contacting AD tenant {Globals.Tenant} for user {email}.");
            var foundUser = users.FirstOrDefault();
            return foundUser;
        }
        catch (ServiceException ex)
        {
            Logger.Log(LogLevel.Error, ex, $"Error Alert:Encountered an exception when trying to get AD User {email}.");
            return null;
        }
        catch (Exception ex)
        {
            Logger.Log(LogLevel.Error, ex, $"Error Alert:Encountered an exception when trying to get AD User {email}.");
            return null;
        }
    }

It seems that Microsoft Graph's handling of issuerAssignedId is not perfect.

It will encode the request URL to URL-encoded format, with the content of {email} being ignored.

Nevertheless, it can still return the correct result for most symbols that have not been encoded. For example, "*".

"+" seems a bit special, and Microsoft Graph does not handle it well.

As a workaround, you can use Uri.EscapeDataString to encode the email and put it into the filter.

    var encodedEmail = Uri.EscapeDataString(email);

and

    .Filter($"identities/any(c:c/issuerAssignedId eq '{encodedEmail}' and c/issuer eq '{Globals.Tenant}')")
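
Added example, not part of the original answer: a helper that builds the same filter with both values written as OData string literals (single quotes doubled) and then percent-encoded, so that '+' is sent as %2B and a quote in the address cannot end the literal early. The class name IdentityFilter and the sample addresses are hypothetical; the WebUtility.UrlDecode calls only illustrate, as an assumption about the receiving side, how a form-style decoder turns a raw '+' into a space.

```csharp
using System;
using System.Net;

public static class IdentityFilter
{
    // Write a value as the inside of an OData string literal:
    // double any single quote, then percent-encode the result
    // so reserved characters such as '+' and '@' travel as %2B and %40.
    private static string ODataLiteral(string value) =>
        Uri.EscapeDataString(value.Replace("'", "''"));

    // Builds the identities filter used in the question, with both
    // the email and the issuer escaped and encoded.
    public static string ForEmail(string email, string issuer)
    {
        if (string.IsNullOrWhiteSpace(email))
            throw new ArgumentException("email is required", nameof(email));
        if (string.IsNullOrWhiteSpace(issuer))
            throw new ArgumentException("issuer is required", nameof(issuer));

        return $"identities/any(c:c/issuerAssignedId eq '{ODataLiteral(email)}' " +
               $"and c/issuer eq '{ODataLiteral(issuer)}')";
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the original page.
        const string issuer = "contoso.onmicrosoft.com";
        string[] emails =
        {
            "alice@example.com",
            "alice+test@example.com",
            "o'brien+x@example.com",
        };

        foreach (var email in emails)
        {
            var filter = ForEmail(email, issuer);
            // Raw value through a form-style decoder: '+' becomes ' '.
            Console.WriteLine($"raw decoded     : {WebUtility.UrlDecode(email)}");
            // Encoded filter through the same decoder: '+' survives.
            Console.WriteLine($"filter sent     : {filter}");
            Console.WriteLine($"filter decoded  : {WebUtility.UrlDecode(filter)}");
        }
    }
}
```

With this helper the call in the question becomes `.Filter(IdentityFilter.ForEmail(email, Globals.Tenant))`.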