azure - Microsoft Graph API: returning only one user out of total 13 users
问题描述
In my UWP
app, I am using Microsoft Graph SDK. My Azure
account has total 13 users that I want to display in my UWP
app using the following query. But the query is returning only one (the logged in user). It happens even when I logged in as Global admin
. Moreover, the userType
of the user is shown as Null
var users = await graphClient.Users.Request()
.Select("displayName, userPrincipalName, userType")
.GetAsync();
Authorization Scopes
in my App: User.Read User.Read.All
Azure Portal showing the list of all users:
NOTE: The above query in the UWP
returns only one of these users (the logged in user)
API Permissions of the Registered App in Azure:
UPDATE:
To answer an inquiry from user @Allen Wu
:
a) I've installed the following NuGet
packages:
Install-Package Microsoft.Toolkit.Uwp.Ui.Controls -Version 6.0.0
Install-Package Microsoft.Toolkit.Uwp.Ui.Controls.DataGrid -Version 6.0.0
Install-Package Microsoft.Toolkit.Graph.Controls -IncludePrerelease
And I'm using setting the variable graphClient
as ProviderManager.Instance.GlobalProvider.Graph;
b) I have tested the app using the third to last account (Microsoft hotmail
Account shown in image 1) and the second to last account (Microsoft Outlook
account) both of which I have assigned a Global Administrator role. But they are not the Azure AD accounts.
解决方案
You should provide your code so that I can modify or point out the incorrect part.
But anyway I have found the reason.
The two accounts Microsoft hotmail
Account and Microsoft Outlook
account are actually MSA (Microsoft personal account).
Although they have been added as guest users into your tenant, if your authentication endpoint is common
, then this account will be treated as a personal account instead of a guest user under this tenant. See reference here. In your code you are using common
by default, so the user is treated as MSA and it can only get its own information.
So you need to specify the tenant id in the request. I'm not sure how you generate the graphClient
. But you can refer to the official document Authorization code provider and List users example.
But still remember to modify WithAuthority
.
An example here:
IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithRedirectUri(redirectUri)
.WithAuthority("https://login.microsoftonline.com/{tenant id}/v2.0")
.WithClientSecret(clientSecret) // or .WithCertificate(certificate)
.Build();
AuthorizationCodeProvider authProvider = new AuthorizationCodeProvider(confidentialClientApplication, scopes);
GraphServiceClient graphClient = new GraphServiceClient(authProvider);
var users = await graphClient.Users
.Request()
.GetAsync();
推荐阅读
- macos - 配置 macOS 以模仿 Emacs Cu
- sql - 如何仅将某些行从一个 Access 数据库导入到另一个?
- css - 覆盖特定子项的 CSS-Grid 属性
- excel - VBA - 停止工作表执行更多代码
- javascript - 当我的文本在视口中时,如何使用计算启动 javascript 计数器?
- php - Laravel/Voyager:使用 BREAD 创建新数据时发送电子邮件
- python - django - 发布数据查询字典为空
- python - 拷贝数文件格式问题
- python - 熊猫,按日期索引
- sql - 从 Postgresql 中的同一表 (Database2) 更新表 (Database1)