Skip to main content

AAD Group - Read member summary using CSharp

 Is there a way to read Azure Active directory Group (Service or Microsoft 365) programmatically 

There are different ways to do it one of them is using AAD App 

let's see with the following example: 


Pre-requisite:

  • Create an AAD App 
    • Get the AAD Group Member Reader & User Read All permission through Microsoft Graph (application permission) 
    • Create a client secret (we'll use this to access your AAD Group information in the context of AAD App)
  • Create a CSharp project (detail mentioned below)



Create and AAD App with AAD GroupMember read & user read all permission

 Step-1: Create an aad app: Login to azure porta => Azure Active Directory => App registration => create new app 

 Step-2. Once AAD App is created (e.g.: AADGroupReader) 

      Open it. 

  Go to it's API Permissions



  Click on Add Permission

  From right-hand side select "Microsoft Graph"



  Now you've to search with Keywork "User"  and select "User.Read.All"



And also search for keyword "Group" and select "GroupMember.ReadWrite.All"


 

      Once you've selected both, click "Add permission" 

  Now on the API permission, you can see both "User.Read.All" & "GroupMember.Read.All" got added.



    But you will notice that status is "Not granted for default...."

If you're AAD Admin you can Grant admin consent.

If you're not AAD Admin you may have to contact your admin to grant admin consent. 

     if you are the AAD admin, you can grant the consent like this. 

Click on "Grant admin consent for default directory"  And click "Yes" from the pop-up like this.   

Once admin consent granted, you can see a status bar with Green check-mark. 



Now let's create the client secret and save the created client secrete in a safe place (e.g.: Key vault).  

Click on "Certificates & secretes" 



New client secret


Copy the client secret and save it at a safe place.



  

With this, we're good with accessing our AAD Group and it's user detail using AAD App context (SPN context). 



Now use CSharp and get the AAD group member detail with the help of created AAD App

Step-1: Open visual studio 
Step-2: Create a console app 
Step-3: Install these libraries through Nuget package 
 Install these 3 libraries using NuGet package manager
    • Microsoft.Graph;
    • Microsoft.Graph.Auth;  // at this time it's in Preview mode.
    • Microsoft.Identity.Client;
Step-4: Write a AADGroupReader class like this. 
 In this code snipped   replace your ClientId, TenantId & clientSecret of your own app & group. 
Step-5. Assume that we've an AAD Group with the name "testaddgroup" having one user with the name "Test User"

Code snipped to read the AAD Group & fetch the user summary

Utility method:
public List GetGroupMembers(string groupName)
        {
            var userList = new List();
            try
            {
                var clientId = "your-aad-app-client-id";
                var tenantId = "your-tenant-id";
                var secret = "your-aad-app-client-secret";
                IConfidentialClientApplication confidentialClientApplication = ConfidentialClientApplicationBuilder
                                                                                   .Create(clientId)
                                                                                   .WithTenantId(tenantId)
                                                                                   .WithClientSecret(secret)
                                                                                   .Build();

                IAuthenticationProvider authProvider = new ClientCredentialProvider(confidentialClientApplication);
                GraphServiceClient graphClient = new GraphServiceClient(authProvider);

                var groupsDetails = graphClient.Groups.Request()
                    .Filter($"startswith(displayName,'{groupName}')")
                    .GetAsync()
                     .ConfigureAwait(false)
                       .GetAwaiter()
                       .GetResult()
                       .ToList()
                       .Where(x => string.Equals(x.DisplayName, groupName, StringComparison.InvariantCultureIgnoreCase))
                       .FirstOrDefault();


                var groupObjectId = groupsDetails.Id;
                var groupMembers = graphClient.Groups[groupObjectId]
                       .TransitiveMembers
                       //.Members  // just to get the direct memb er
                       .Request()
                       .GetAsync()
                       .ConfigureAwait(false)
                       .GetAwaiter()
                       .GetResult();


                foreach (var mem in groupMembers.ToList())
                {
                    //var memType = mem.GetType();
                    if (mem.GetType() == typeof(User))
                    {
                        var myUser = graphClient.Users[mem.Id].Request().GetAsync()
                       .ConfigureAwait(false)
                       .GetAwaiter()
                       .GetResult();

                        User forUser = (User)mem;

                        userList.Add(new AadGroupMember
                        {
                            ObjectId = forUser.Id,
                            UserPrincipalName = forUser.UserPrincipalName,
                            Name = forUser.DisplayName,
                            Email = forUser.Mail,

                        });
                    }
                }

                return userList;
            }
            catch (Exception ex)
            {
                throw;
            }
        }

Heping entity:
    public class AadGroupMember
    {
        public string ObjectId { get; set; }
        public string Name { get; set; }
        public string UserPrincipalName { get; set; }
        public string Email { get; set; } //UserPrincipalName
    }

Working code can be found on GitHub "AzureActiveDirectory" repo. 
Labels:

Comments

Post a Comment

Popular posts from this blog

EFCore - Collate function

Search in SQL server query is generally case insensitive (by default or based on database level collation). Suppose we have an employees table with a row having first-name column value as "My-First-Name", so if we want to do the case-sensitive search we have to explicitly use the related collate: In EF 5 (currently in Release Candidate version [RC.2.20475.6]) Collate function got introduced which helps us to use our specific collation based search.  C# with EF5 code sample: var employeeCaseSensitiveSearch = _dbContext.Employees .Where(x => EF.Functions.Collate(x.FirstName, "Latin1_General_CS_AS") == "my-first-name") .FirstOrDefault(); A related database query will be something like this: T-SQL: Case sensitive search (use specific collation e.g.: Latin1_General_CS_AS) SELECT * FROM dbo.Employees AS e WHERE e.FirstName Collate Latin1_General_CS_AS = 'my-first-name' Some of the useful CSharp function which g...
Post a Comment
Read more

EFCore - Parallel db call on same dbContext

Practically there are multiple instances when we want to do parallel DB call which will save us some time. Like if we want to get a few employees details as well as users detail and if both entities are independent of each other better to go with a parallel call to fetch the details.  With the growing ORM usage and enhanced & optimized framework of like EFCore, in most of the application (related to C# development), we generally prefer to use EFCore. With EFCore if we try to use the same DB context to do parallel db call we are getting an error (... different thread using the same DbContext....). Because dbContext call is not thread-safe Parallel DB call on the same dbContext:  Code snipped: which will throw an error private void DbCallWithParallelCallOnSameDbContext() { try { var employeesTask = _dbContext.Employees.ToListAsync(); var usersTask = _dbContext.Users.ToListAsync(); ...
Post a Comment
Read more

How to install Zen-coding plugin

As a web-developer, irrespective of the technologies (java, c-sharp, python, php e.t.c.…), we used to write CSS code to make our web-pages looks good if not at least we’re involved in write html codes. What if there is some tool to whom you give some instruction and that tool generates a good, well formatted html tags for you. These kind of coding is possible and known as “ Zen coding ” and there are lots of plug-in available from different vendors. We’re going to  discuss the steps to install this “zen-coding” plugin for “visual studio, eclipse, sublime-text & notepad++ in next few lines. Follow the below steps to install "zen-coding" plugin based on your editor.  Steps to install zen-coding plugin for (visual studio, eclipse, sublime-text,notepad++) -- -- For Visual Studio 1. Go to "Tools" -> "Extensions and Updates" 2. It'll open the "Extensions and Updates windows"    Select online form Left hand menu items ent...
Post a Comment
Read more