Microsoft Graph API: returning only one user out of total 13 users

Problem description

In my UWP app, I am using Microsoft Graph SDK. My Azure account has a total of 13 users that I want to display in my UWP app using the following query. But the query is returning only one (the logged-in user). It happens even when I log in as Global admin. Moreover, the userType of the user is shown as Null.

var users = await graphClient.Users.Request()
    .Select("displayName, userPrincipalName, userType")
    .GetAsync();

Authorization Scopes in my App: User.Read User.Read.All

Azure Portal showing the list of all users:

NOTE: The above query in the UWP returns only one of these users (the logged in user)

API Permissions of the Registered App in Azure:

UPDATE:

To answer an inquiry from user @Allen Wu:

a) I've installed the following NuGet packages:

Install-Package Microsoft.Toolkit.Uwp.Ui.Controls -Version 6.0.0
Install-Package Microsoft.Toolkit.Uwp.Ui.Controls.DataGrid -Version 6.0.0
Install-Package Microsoft.Toolkit.Graph.Controls -IncludePrerelease

And I'm setting the variable graphClient as ProviderManager.Instance.GlobalProvider.Graph;

b) I have tested the app using the third to last account (Microsoft hotmail Account shown in image 1) and the second to last account (Microsoft Outlook account) both of which I have assigned a Global Administrator role. But they are not the Azure AD accounts.

Tags: azure, uwp, azure-active-directory, microsoft-graph-api, microsoft-graph-sdks

Solution


You should provide your code so that I can modify or point out the incorrect part.

But anyway I have found the reason.

The two accounts Microsoft hotmail Account and Microsoft Outlook account are actually MSA (Microsoft personal account).

Although they have been added as guest users into your tenant, if your authentication endpoint is common, then this account will be treated as a personal account instead of a guest user under this tenant. See reference here. In your code you are using common by default, so the user is treated as MSA and it can only get its own information.

So you need to specify the tenant id in the request. I'm not sure how you generate the graphClient. But you can refer to the official document Authorization code provider and List users example.

But still remember to modify WithAuthority.

An example here:

IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
    .Create(clientId)
    .WithRedirectUri(redirectUri)
    .WithAuthority("https://login.microsoftonline.com/{tenant id}/v2.0")
    .WithClientSecret(clientSecret) // or .WithCertificate(certificate)
    .Build();

AuthorizationCodeProvider authProvider = new AuthorizationCodeProvider(confidentialClientApplication, scopes);

GraphServiceClient graphClient = new GraphServiceClient(authProvider);

var users = await graphClient.Users
    .Request()
    .GetAsync();
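
A diagnostic for the cause described in this answer, added here as an example and not code from the original answer: it reads the tid claim of the ID token returned by sign-in (for example MSAL.NET's AuthenticationResult.IdToken) and reports whether the session was issued in your tenant or in the Microsoft personal-account tenant. The class and method names, the placeholder tenant id and the unsigned sample tokens are constructed for illustration, and the program assumes a .NET console app with System.Text.Json available.

```csharp
using System;
using System.Text;
using System.Text.Json;

static class TenantCheck
{
    // Tenant id Microsoft documents for personal (MSA) accounts in v2.0 tokens.
    const string MsaTenantId = "9188040d-6c67-4c5b-b112-36a304b66dad";

    // Read the "tid" claim of a compact JWT. No signature check: diagnostics only.
    static string ReadTid(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using (JsonDocument doc = JsonDocument.Parse(json))
            return doc.RootElement.TryGetProperty("tid", out JsonElement tid)
                ? tid.GetString() : null;
    }

    // "tenant": token issued in the directory; "personal": resolved as an MSA.
    public static string Classify(string idToken, string expectedTenantId)
    {
        string tid = ReadTid(idToken);
        if (string.Equals(tid, expectedTenantId, StringComparison.OrdinalIgnoreCase)) return "tenant";
        if (string.Equals(tid, MsaTenantId, StringComparison.OrdinalIgnoreCase)) return "personal";
        return "other";
    }

    // Build an unsigned token for the demo (constructed sample, not a real token).
    static string FakeToken(string tid)
    {
        string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        return B64Url("{\"alg\":\"none\"}") + "." + B64Url("{\"tid\":\"" + tid + "\"}") + ".sig";
    }

    static void Main()
    {
        const string myTenant = "00000000-0000-0000-0000-000000000001"; // placeholder tenant id
        Console.WriteLine(Classify(FakeToken(MsaTenantId), myTenant)); // sign-in via /common
        Console.WriteLine(Classify(FakeToken(myTenant), myTenant));    // sign-in via /{tenant id}
    }
}
```

A "personal" result for a guest account means the sign-in went through the common endpoint, which is the case where the Users query returns only the signed-in user.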
