
Microsoft Graph API SDK returns null user even when the user is there

I am trying to fetch a user from a tenant by email. It works when getting some users, but doesn't work when getting a particular user who happens to have a '+' in the email address. I am not sure if that character is the problem or if it's something else. The query below always returns null for that user. My question is: how do I figure out why it's returning null when the user is obviously there for that particular user? I checked the Audit Logs in the AD B2C tenant, but they only show logins or deletions. Where can I check what happened with the Graph API call? Second question: why would it do this? The user is obviously there!

    using System;
    using System.Linq;
    using System.Threading.Tasks;
    using Microsoft.Graph;
    using Microsoft.Graph.Auth;
    using Microsoft.Identity.Client;

    // Builds a Graph client that authenticates with the app's client credentials.
    public static GraphServiceClient GetGraphServiceClient()
    {
        var clientapp = ConfidentialClientApplicationBuilder
            .Create(Globals.ClientId)
            .WithTenantId(Globals.TenantId)
            .WithClientSecret(Globals.ClientSecret)
            .Build();

        ClientCredentialProvider authProvider = new ClientCredentialProvider(clientapp);

        return new GraphServiceClient(authProvider);
    }

    // Looks up a B2C user by the sign-in email stored in the identities collection.
    public static async Task<User> GetADUserAsyncByEmail(string email)
    {
        var graphClient = GetGraphServiceClient();
        try
        {
            Logger.Log(LogLevel.Trace, $"Contacting AD tenant {Globals.Tenant} for user {email}.");
            // The email is interpolated into the filter exactly as received.
            var users = await graphClient.Users
                        .Request()
                        .Filter($"identities/any(c:c/issuerAssignedId eq '{email}' and c/issuer eq '{Globals.Tenant}')")
                        .Select("displayName,id,userPrincipalName")
                        .GetAsync();
            Logger.Log(LogLevel.Trace, $"Finished contacting AD tenant {Globals.Tenant} for user {email}.");
            var foundUser = users.FirstOrDefault();
            return foundUser;
        }
        catch (ServiceException ex)
        {
            Logger.Log(LogLevel.Error, ex, $"Error Alert:Encountered an exception when trying to get AD User {email}.");
            return null;
        }
        catch (Exception ex)
        {
            Logger.Log(LogLevel.Error, ex, $"Error Alert:Encountered an exception when trying to get AD User {email}.");
            return null;
        }
    }

It seems that Microsoft Graph's handling of issuerAssignedId is not perfect.

It will encode the request URL to URL-encoded format with the content of {email} being ignored.

Nevertheless, it can still return the correct result for most symbols that have not been encoded. For example, "*".

"+" seems a bit special, and Microsoft Graph does not handle it well.

As a workaround, you can use Uri.EscapeDataString to encode the email and put it into the filter.

    var encodedEmail = Uri.EscapeDataString(email);

and

    .Filter($"identities/any(c:c/issuerAssignedId eq '{encodedEmail}' and c/issuer eq '{Globals.Tenant}')")
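
As an added example (not part of the original answer or of the Graph SDK; `GraphFilter`, `Literal` and `ByIssuerAssignedId` are hypothetical names and the sample addresses are constructed), the workaround above can be wrapped in a helper that also doubles single quotes, which is the OData escape for a quote inside a string literal, so a value supplied by a user cannot close the literal early and alter the filter:

```csharp
using System;

// Added example: hypothetical helper, not Microsoft Graph SDK code.
public static class GraphFilter
{
    // Turn an untrusted value into a quoted OData string literal for $filter.
    public static string Literal(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));

        // 1. OData escapes a single quote inside a string literal by doubling it,
        //    so the value cannot terminate the literal and change the expression.
        string quoted = value.Replace("'", "''");

        // 2. Percent-encode the value so '+' is sent as %2B. Query-string decoders
        //    commonly read a raw '+' as a space, which is why the lookup misses.
        return "'" + Uri.EscapeDataString(quoted) + "'";
    }

    // Same filter shape as the page's query, with both values passed through Literal.
    public static string ByIssuerAssignedId(string email, string issuer) =>
        $"identities/any(c:c/issuerAssignedId eq {Literal(email)} and c/issuer eq {Literal(issuer)})";

    public static void Main()
    {
        // Constructed sample values.
        string issuer = "contoso.onmicrosoft.com";
        string[] emails =
        {
            "alice@example.com",       // plain address
            "alice+test@example.com",  // the '+' case from the question
            "o'brien@example.com"      // quote that would otherwise end the literal
        };

        foreach (string email in emails)
            Console.WriteLine(ByIssuerAssignedId(email, issuer));
    }
}
```

With the code from the question, the call becomes `.Filter(GraphFilter.ByIssuerAssignedId(email, Globals.Tenant))`.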
