Recently I needed to query Azure AD from a web api to retrieve members of an AD group, this was prototyped in a console app – C#.
Got the following packages from Nuget…
using Microsoft.Azure.ActiveDirectory.GraphClient; using Microsoft.IdentityModel.Clients.ActiveDirectory; using Microsoft.Azure.ActiveDirectory.GraphClient.Extensions;
Declared my constants – I created a new application from within the Azure Management Portal (Active Directory Area), this allowed me to get a client ID and client Secret – required for authentication.
public class Constants
{
public const string auth = "https://login.windows.net/MYDOMAIN.onmicrosoft.com";
public const string clientID = "client ID GUID";
public const string clientSecret = "client SECRET GUID";
public const string azureGraphAPI = "https://graph.windows.net";
public const string serviceRoot = "https://graph.windows.net/MYDOMAIN.onmicrosoft.com";
}
Created a method to instantiate ActiveDirectoryClient – essentially creating a connection to Azure AD.
private static async Task<string> GetAzureAdToken()
{
AuthenticationContext authenticationContext = new AuthenticationContext(Constants.auth, true);
ClientCredential clientCred = new ClientCredential(Constants.clientID, Constants.clientSecret);
AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenAsync(Constants.azureGraphAPI, clientCred);
return authenticationResult.AccessToken;
}
And wrote another two methods allowing me to get a single user by querying using a UPN, and another method to allow me to retrieve a group and its members based on the group name.
private static async Task<string> GetUser(ActiveDirectoryClient adClient, string Upn)
{
var userLookupTask = adClient.Users.Where(x => x.UserPrincipalName.Equals(Upn, StringComparison.CurrentCultureIgnoreCase)).ExecuteSingleAsync();
User me = (User)await userLookupTask;
Console.WriteLine(me.DisplayName);
return me.DisplayName;
}
private static async Task<string> GetGroup(ActiveDirectoryClient adClient, string GroupName)
{
var groupLookup = adClient.Groups.Where(x => x.DisplayName.Equals(GroupName, StringComparison.CurrentCultureIgnoreCase)).ExecuteSingleAsync();
Group grp = (Group)await groupLookup;
IGroupFetcher groupFetcher = (IGroupFetcher)grp;
IPagedCollection<IDirectoryObject> members = groupFetcher.Members.ExecuteAsync().Result;
do
{
List<IDirectoryObject> directoryObjects = members.CurrentPage.ToList();
foreach (IDirectoryObject member in directoryObjects)
{
if (member is User)
{
User usr = member as User;
Console.WriteLine("user: {0} : {1} : {2}", usr.DisplayName, usr.TelephoneNumber, usr.Mobile);
}
}
members = members.MorePagesAvailable ? members = members.GetNextPageAsync().Result : null;
} while (members != null);
return grp.DisplayName;
}
Within my Main method, it was a case of connecting to Azure AD, and calling the methods…
class Program
{
static void Main(string[] args)
{
try
{
Uri serviceRoot = new Uri(Constants.serviceRoot);
ActiveDirectoryClient adContext = new ActiveDirectoryClient(serviceRoot,async () => await GetAzureAdToken());
var user = GetUser(adClient, "david.hendry@MyDomain.com");
var group = GetGroup(adContext, "IT Solutions");
Console.ReadKey();
}
catch (AuthenticationException ex)
{
Console.ReadKey();
}
}
}
}
