16

Azure Web App has great global Authentication options.
I'm currently using Azure AD as 'Authentication Provider' and as 'Log in with...' as well:

screenshot of azure authentication

This works great, but I can't figure out how to get the username (email) of the currently signed-in user. Many features of my app have this requirement.
Any ideas?

RubbelDieKatz
nirsky

4 Answers

23

There are several ways to do this. If you're using Azure AD and node.js, the easiest way is to look at the X-MS-CLIENT-PRINCIPAL-NAME HTTP request header. That will contain the email of the user.

If you want to get user information from some JavaScript code on the client, you can alternatively make an AJAX request to the site's /.auth/me endpoint. As long as the login session cookie (currently named AppServiceAuthSession) is included in the AJAX call (which happens by default), you'll get a JSON blob that contains not only the email, but also all other claims associated with the user. This technique works on the server-side as well.

Chris Gillum
  • Thanks! Searching for this header also led me to the /.auth/me endpoint that contains this info as well. – nirsky Apr 13 '16 at 08:26
  • What way would you suggest for someone not using NodeJS? Specifically, would it be possible with just JavaScript on a static webpage? – nicholas79171 Feb 09 '17 at 20:35
  • @nicholas79171 You can call the /.auth/me endpoint to do this. I updated my answer with more details. – Chris Gillum Feb 10 '17 at 20:21
  • @ChrisGillum bless your soul, thank you so much. You have no idea how much time and headache you have saved me. Do you know where I can find the official documentation for this endpoint? – nicholas79171 Feb 10 '17 at 20:51
  • Thanks for this. The /.auth/me works in the browser. However, if I send a GET request from the server side to fetch the user details and display them in my app, I am returned a 401 error. Am I missing something? – Vijay Dec 31 '19 at 11:52
  • @Vijay you will need to attach the auth cookie from the HTTP request to your web API to your server-side call to /.auth/me. – Chris Gillum Jan 07 '20 at 05:32
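The two server-side paths discussed in this answer and its comments (the principal header, and a call to /.auth/me that forwards the session cookie), as an added Node.js example that is not code from the thread. The `siteOrigin` parameter, the function names, and the /.auth/me response shape (an array of entries with `user_id` and `user_claims` as `typ`/`val` pairs) are assumptions; the sample data is constructed.

```javascript
// Added example, not code from the thread; sample values are constructed.
const SESSION_COOKIE = "AppServiceAuthSession"; // cookie name given in the answer

// Header path: Node's http module lowercases incoming header names.
function emailFromHeaders(headers) {
  const v = headers["x-ms-client-principal-name"];
  return typeof v === "string" && v.trim() !== "" ? v.trim() : null;
}

// Endpoint path, server side: build the request to /.auth/me and forward only
// the session cookie from the incoming request (no cookie means a 401).
// siteOrigin (hypothetical parameter) should come from configuration,
// not from the incoming Host header.
function authMeRequest(incomingHeaders, siteOrigin) {
  const cookies = (incomingHeaders.cookie || "").split(";").map((c) => c.trim());
  const session = cookies.find((c) => c.startsWith(SESSION_COOKIE + "="));
  if (!session) return null; // caller has no login session
  return { url: new URL("/.auth/me", siteOrigin).href, headers: { Cookie: session } };
}

// Parse the /.auth/me body. Assumed shape: [{ user_id, user_claims: [{typ, val}] }].
// The claim types checked here are assumptions; adjust to what your tenant emits.
function emailFromAuthMe(body) {
  const entries = JSON.parse(body);
  if (!Array.isArray(entries) || entries.length === 0) return null;
  const { user_id, user_claims = [] } = entries[0];
  const wanted = [
    "preferred_username",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
  ];
  for (const typ of wanted) {
    const claim = user_claims.find((c) => c.typ === typ);
    if (claim && claim.val) return claim.val;
  }
  return user_id || null;
}

// Constructed sample response for offline use.
const SAMPLE_AUTH_ME = JSON.stringify([{
  provider_name: "aad",
  user_id: "alice@example.com",
  user_claims: [
    { typ: "name", val: "Alice Example" },
    { typ: "preferred_username", val: "alice@example.com" },
  ],
}]);

console.log(emailFromAuthMe(SAMPLE_AUTH_ME));
```

Pass the object returned by `authMeRequest` to whichever HTTP client the app already uses, then feed the response body to `emailFromAuthMe`.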
4

Rehash of Chris Gillum's answer, with minor additions


Reference: https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#access-user-claims

Client Side/SPA:

Via Endpoint: /.auth/me

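    // Same-origin request: the browser sends the login session cookie automatically
    axios.get("/.auth/me")
      .then(r => { console.log(r.data); }); // JSON with the signed-in user's claims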

Note: This endpoint is only available if token-store is enabled (otherwise will return 404).

Note: Login session cookie (currently named AppServiceAuthSession) must be included in the AJAX call (which happens by default)


Server side:

A. Via HTTP Request Headers:

  • X-MS-CLIENT-PRINCIPAL-NAME #Email of user
  • X-MS-CLIENT-PRINCIPAL-ID
  • Potentially others (prefixed with X-MS-CLIENT-*)

B. Via /.auth/me endpoint (see above)

PotatoFarmer
3

Thanks to @Chris' answer, I was able to write a function that returns the logged in user's email.

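    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;

    public static String getEmail(HttpContext context)
    {
        // Header set by App Service Authentication for the signed-in user
        String identifier = "X-MS-CLIENT-PRINCIPAL-NAME";
        IEnumerable<string> headerValues = context.Request.Headers.GetValues(identifier);
        if (headerValues == null)
        {
            // Debug is a class; the logging call is Debug.WriteLine
            System.Diagnostics.Debug.WriteLine("No email found!");
            return "";
        }
        else
        {
            System.Diagnostics.Debug.WriteLine(headerValues.FirstOrDefault());
            return headerValues.FirstOrDefault();
        }
    }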
RubbelDieKatz
1

If you are using the Passport-azuread library with your nodejs, you can do something like the following code snippet:

    <% if (user) { %>
        <p>displayName: <%= user.displayName %></p>
        <p>givenName: <%= user.name.givenName %></p>
        <p>familyName: <%= user.name.familyName %></p>
        <p>Full User Data</p>
        <%# Escaped output (<%= instead of <%-): profile fields may contain HTML %>
        <%= JSON.stringify(user) %>
    <% } %>

You can find a full Azure AD example for Node here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-openidconnect-nodejs/#5-create-the-views-and-routes-in-express-to-display-our-user-in-the-website

Brian Sherwin