Am working on a windows store javascript application. I have used the microsoft login authentication from azure as follows.
client.login("microsoftaccount").done(function (results) {;
userId = results.userId;
refreshTodoItems();
var message = "You are now logged in as: " + userId;
var dialog = new Windows.UI.Popups.MessageDialog(message);
dialog.showAsync().done(complete);
}
Am able to retreive the userid such as "Microsoftaccount:c2892313bla...."
How am I supposed to retreive the associated UserName for that Microsoft account ID?
When you're logged on, on any scripts on the server side you can query for the identities of the user (via the user.getIdentities() function), which will give you an object with access tokens which you can use to talk to the authentication providers. The post at http://blogs.msdn.com/b/carlosfigueira/archive/2012/10/25/getting-user-information-on-azure-mobile-services.aspx has an example on how to get the user name for MS account (and other providers as well).
Related
I am building a MS Teams Tab app using React JS, https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/what-are-tabs. For each app, we need to create an App Registration in Azure console. Now, in my application I am trying to retrieve the logged in user's tenant ID rather than app tenant ID.
First thing I know is that I can get the tenant ID from SSO token. So I tried to retrieve the SSO token as follow using #microsoft/teams-js package.
initialize();
const authOptions: authentication.AuthTokenRequest = {
successCallback:(token) => {
// when I decode the token, the tid field is still giving me app registration tenant's id (user can be guest and can belong to different tenant)
},
failureCallback:(error) => {
},
};
authentication.getAuthToken(authOptions);
(Note the comment in the code above).
I can get the user's tenant ID if I force the user to login using MSAL with this libraries, #azure/msal-react and #azure/msal-browser. The access token gives me the tid of the user. But the thing is that I do not want to force the user to login. How can I get the user's tennant ID without forcing the user to login?
Using this tutorial as a guide: https://github.com/Azure-Samples/ms-identity-javascript-angular-spa-aspnetcore-webapi
In the web api we need to obtain the users details (for audit purposes we want to record the details of the user in the database).
In the web api, is there a way to decode the azure token to obtain the user details? Or we could simply pass the user email from the client browser in each request also be feasible (this is easily accessible using the MSAL library for Angular)
Rather than trying to decode the token to get the current users email, the base controller exposes the current user as detailed here;
https://learn.microsoft.com/en-us/aspnet/core/migration/claimsprincipal-current?view=aspnetcore-2.1
So simply using the following I can obtain the user associated with the current request;
string email = User.FindFirstValue(ClaimTypes.Email);
You could decode token to get some information of the signed-in user such as username and email, try token with https://jwt.io/.
If you want more details, you can use MS Graph. Me means current signed-in user. Try with following Graph SDK or HttpClient sample.
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
// or graphClient.Users[user-object-id].Request().GetAsync(); for a specific user
var user = await graphClient.Me
.Request()
.GetAsync();
I created an account using createToken (client side JS)
I want to update the verification document for that account.
I have successfully uploaded a file and obtained a fileId
I am trying to attach it to the account. I am using .net server side
I have done this:
var options = new AccountUpdateOptions
{
Individual = new PersonUpdateOptions()
{
Verification = new PersonVerificationOptions()
{
Document = new PersonVerificationDocumentOptions() { FrontFileId = fileId}
}
}
};
var service = new AccountService();
Account account = service.Update(accountId, options);
However, this does not work, I get the error:
This account can only be updated with an account token, because it was
originally created with an account token. (Attempted to update param
'individual' directly.)
Am I supposed to save the token created in my db for each account in order to update?
Also how then should i update the account?
Assuming that you are using Custom connected accounts, you'll want to follow the steps in Using Connect with Custom Accounts.
As recommended there:
Store the received account ID. You need this information to perform
requests on the user's behalf.
The account id will be in the form of acct_**********.
I have an Azure mobile backend set up with easy auth for facebook and google authentication and it works as expected.
Every time a user signs in with any of the supported providers, I want to be able to verify if it's a new user or not (e-mail not in database), without make an additional call from client. Is this possible?
Every time a user signs in with any of the supported providers, I want to be able to verify if it's a new user or not (e-mail not in database), without make an additional call from client. Is this possible?
As far as I know, we couldn't directly verify if it's a new user or not.
No matter you use server flow or client flow, easy auth will just return access token for the client to access the mobile backend resources, it will not check the user is new or old.
If you want to achieve this requirement, you need write your own logic.
You could write codes after the user login successfully.
For example, facebook login.
If you the use have login successfully,you could call GetAppServiceIdentityAsync extension method to get the login credentials, which include the access token needed to make requests against the Facebook Graph API.
// Get the credentials for the logged-in user.
var credentials =
await this.User
.GetAppServiceIdentityAsync<FacebookCredentials>(this.Request);
if (credentials.Provider == "Facebook")
{
// Create a query string with the Facebook access token.
var fbRequestUrl = "https://graph.facebook.com/me/feed?access_token="
+ credentials.AccessToken;
// Create an HttpClient request.
var client = new System.Net.Http.HttpClient();
// Request the current user info from Facebook.
var resp = await client.GetAsync(fbRequestUrl);
resp.EnsureSuccessStatusCode();
// Do something here with the Facebook user information.
var fbInfo = await resp.Content.ReadAsStringAsync();
}
Then you could check the database according to the user information.
More details about how to get user information in server side, you could refer to How to: Retrieve authenticated user information.
I am integrating the login of a NodeJS app to the company's Active Directory using the Exchange Web Services endpoint. This way I can validate if the provided credentials (username and password) match with the Active Directory user's credentials.
So far I was able to successfully validate if a username/password pair is valid. What I couldn't find a solution for is getting the email address given a username.
I cannot query the Active Directory directly using LDAP since the NodeJS app will be hosted outside the company's network. An available option is to use the Exchange Web Services (2010) endpoint.
I am currently doing a ResolveNames operation http://msdn.microsoft.com/en-us/library/exchange/aa563518(v=exchg.150).aspx
The problem is that doing a Resolvenames with the username as the UnresolvedEntry value will return several Resolutions, for example if a username is john and there are also other johns in the directory, the Resolvenames query will return those as well.
I am looking for a way to get unambiguously the email address using EWS for a username (which corresponds to the valid credentials being used to query the EWS SOAP service).
Have never came across a direct method that gives email-address of logged in user, but you can do simple hack by creating a PostItem and then getting email-address by its PostItem.getFrom() method, something like :
PostItem postItem = new PostItem( service );
postItem.setBody( MessageBody.getMessageBodyFromText("Test for email-address " ) );
postItem.save();
postItem = PostItem.bind( service , postItem.getId() );
System.out.println( postItem.getFrom() );
postItem.delete( DeleteMode.HardDelete );