
I’m working on an AAD Graph -> MS Graph migration. Below are the API permissions configured for the registrations. When I connect to AAD from my .NET app for authentication under IAppBuilder.UseOpenIdConnectAuthentication, context.AuthenticationTicket.Identity.Claims is not pulling any information related to the list of groups the user is part of. Can someone guide me if I am missing any trivial permission/type/consent level on this?

  • You have to call the `https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.group` Graph query to get the groups – Rukmini Aug 21 '23 at 12:45

1 Answer

I created an Azure AD Application and granted API permissions:


Note that: to list the groups a user is part of, you have to call the Microsoft Graph query https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.group

I used the below code to fetch the details of the groups the user is part of:

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Newtonsoft.Json.Linq;

class Program
{
    static async Task Main()
    {
        // Placeholders: replace with the tenant ID, client ID and secret of the app registration.
        string authority = "https://login.microsoftonline.com/TenantID";
        string clientId = "ClientID";
        string clientSecret = "ClientSecret";

        // ".default" requests every Graph permission consented for this app registration.
        string[] scopes = new string[] { "https://graph.microsoft.com/.default" };

        IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithAuthority(authority)
            .WithClientSecret(clientSecret)
            .Build();

        // Step 1: send the user to this URL; Azure AD redirects back with an authorization code.
        Uri authRequestUrl = await confidentialClientApplication.GetAuthorizationRequestUrl(scopes).ExecuteAsync();
        Console.WriteLine($"Sign in at: {authRequestUrl}");

        // Step 2: redeem the code returned on the redirect URI for an access token.
        string authorizationCode = "code"; // placeholder: the code from the redirect
        AuthenticationResult authResult = await confidentialClientApplication
            .AcquireTokenByAuthorizationCode(scopes, authorizationCode)
            .ExecuteAsync();

        // Use the token itself, not the literal string "authResult.AccessToken".
        string accessToken = authResult.AccessToken;
        HttpClient httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        // memberOf returns directoryObjects (groups and directory roles) the user belongs to.
        var response = await httpClient.GetAsync("https://graph.microsoft.com/v1.0/me/memberOf");

        if (response.IsSuccessStatusCode)
        {
            var content = await response.Content.ReadAsStringAsync();
            var json = JObject.Parse(content);
            var groups = json["value"];
            foreach (var group in groups)
            {
                Console.WriteLine($"Group ID: {group["id"]}, Group Name: {group["displayName"]}");
            }
        }
        else
        {
            Console.WriteLine($"Error: {response.StatusCode}");
        }
    }
}

The groups the user is part of, with their group IDs, are displayed like below:


Reference:

List a user's direct memberships - Microsoft Graph v1.0

Rukmini
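The answer above reads only the first page of `/me/memberOf`. Added example (not the answer's own code): a helper that calls the `microsoft.graph.group` cast endpoint from the comment so only groups come back, follows `@odata.nextLink` until every page is read, and surfaces a 403 as a permission/consent problem. It assumes a Graph access token was already acquired (for instance with the MSAL code above) for an app granted a group-read permission such as GroupMember.Read.All.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

// Added example, not from the original answer. Assumes the token carries a
// group-read permission (e.g. GroupMember.Read.All) with consent granted.
public static class GroupMembershipReader
{
    // The OData cast restricts memberOf to groups, dropping directory roles and admin units.
    private const string FirstPage =
        "https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.group?$select=id,displayName";

    public static async Task<List<(string Id, string DisplayName)>> GetAllGroupsAsync(
        HttpClient http, string accessToken)
    {
        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        var groups = new List<(string Id, string DisplayName)>();
        string nextUrl = FirstPage;

        // Graph pages its results; keep following @odata.nextLink until it is absent.
        while (nextUrl != null)
        {
            using HttpResponseMessage response = await http.GetAsync(nextUrl);
            if (response.StatusCode == HttpStatusCode.Forbidden)
            {
                // Token lacks a group-read permission or admin consent was never granted.
                throw new InvalidOperationException("Graph returned 403: check API permissions and consent.");
            }
            response.EnsureSuccessStatusCode();

            using JsonDocument doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            JsonElement root = doc.RootElement;
            foreach (JsonElement item in root.GetProperty("value").EnumerateArray())
            {
                groups.Add((item.GetProperty("id").GetString() ?? "",
                            item.GetProperty("displayName").GetString() ?? ""));
            }
            nextUrl = root.TryGetProperty("@odata.nextLink", out JsonElement link) ? link.GetString() : null;
        }
        return groups;
    }
}
```

Because the cast endpoint returns only group objects, the group IDs can be compared directly against the group claims (or their absence) in the OpenID Connect ticket from the question.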