Microsoft Graph - getting a specific user and his AD group memberships using the Graph SDK code base


Dipping my toes into using the Microsoft Graph API to handle finding data in our MS cloud - and I'm stuck. There's so much documentation - but never the right one....

I'm trying to use the C# Graph client SDK, and what I'm trying to do is read a given user's details including its AD group memberships.

I've registered my app in Azure AD, and I'm able to get the IPublicClientApplication up and running and authentication works, too:

IPublicClientApplication app = PublicClientApplicationBuilder
                                       .Create(clientId)
                                       .WithTenantId(tenantId)
                                       .Build();

UsernamePasswordProvider authProvider = new UsernamePasswordProvider(app, scopes);

// creating Graph SDK client 
GraphServiceClient graphClient = new GraphServiceClient(authProvider);

string userName = "......";
var securePassword = new SecureString();

// filling secure password here.....

var users = graphClient.Users
                       .Request()
                       .WithUsernamePassword(userName, securePassword)
                       .Filter("userPrincipalName eq '[email protected]'")
                       .GetAsync().Result;

This works - I do get back the basic user details about the user specified in the filter.

Two things:

  1. I don't like the fact I have to add .WithUsernamePassword seemingly to every single call to the client - isn't there a way to include that information in the graphClient once and be done with it, up to the point I log out?

  2. I'm trying to get the group memberships. I can do this in the Graph Explorer by adding a /MemberOf to my query string - but I haven't been able to get this to work in the Graph SDK client scenario.

I see lots of blogs showing how to get the currently logged in user's groups using

graphClient.Me.MemberOf.Request().GetAsync();

but I don't want my group memberships - I want those of the user I specified in the search filter as shown above.

Trying to simply add .Expand("memberOf") doesn't seem to help - the user object returned still has no values in its MemberOf property.

What am I missing? I can't believe this should be this tricky and hard?? Or do I really need to resort back to making HTTP GET requests against the REST API?? Seems odd if MS is providing a SDK and client code..... I'd prefer to use that, quite frankly.

There is 1 answer

Eastman On BEST ANSWER

To get the membership of a specific user you can make a call like this

await client.Users["[email protected]"].MemberOf.Request().GetAsync();

You can iterate through the list of users and replace the [email protected] in the snippet above with the user.UserPrincipalName property.

You can also use a different provider so that you only provide credentials once and they are used for the lifetime of the app. For example, the code below uses the InteractiveAuthenticationProvider, which will create a browser pop-up where you log in once, and your credentials are then used for the rest of the requests in your app.

IPublicClientApplication publicClientApplication = PublicClientApplicationBuilder
    .Create(clientId)
    .WithRedirectUri("http://localhost:1256")
    .Build();

InteractiveAuthenticationProvider authProvider = new InteractiveAuthenticationProvider(publicClientApplication, scopes);

GraphServiceClient client = new GraphServiceClient(authProvider);

var users = await client.Users.Request().GetAsync();

foreach (var user in users)
{
    var result = await client.Users[user.UserPrincipalName].MemberOf.Request().GetAsync();
}

You can use this page as reference for a bunch of auth providers based on your scenario. https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS
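
A fuller version of the per-user lookup from the answer above, as an added example that is not part of the original answer: it follows paging on memberOf and separates security-enabled groups from directory roles, which is what an access review of one account usually needs. The class and method names (MembershipAudit, GetDirectMembershipsAsync) are hypothetical, and it assumes the same Request()-style Microsoft.Graph SDK and an already authenticated GraphServiceClient.

```csharp
// Added example; assumes the Request()-style Microsoft.Graph SDK used on this page.
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Graph;

public static class MembershipAudit   // hypothetical helper name
{
    // Returns the security-enabled groups and directory roles that the
    // given user (object id or userPrincipalName) is a direct member of.
    public static async Task<List<string>> GetDirectMembershipsAsync(
        GraphServiceClient client, string userIdOrUpn)
    {
        var names = new List<string>();

        // memberOf is paged: the first call returns only the first page.
        var page = await client.Users[userIdOrUpn].MemberOf.Request().GetAsync();

        while (page != null)
        {
            foreach (DirectoryObject entry in page)
            {
                // memberOf mixes object types, so switch on the concrete type.
                switch (entry)
                {
                    case Group g when g.SecurityEnabled == true:
                        names.Add("group: " + g.DisplayName);
                        break;
                    case DirectoryRole r:
                        names.Add("role: " + r.DisplayName);
                        break;
                }
            }

            // NextPageRequest is null once the last page has been read.
            page = page.NextPageRequest != null
                ? await page.NextPageRequest.GetAsync()
                : null;
        }

        return names;
    }
}
```

This lists direct memberships only; memberships inherited through nested groups are exposed by Graph under the transitiveMemberOf relationship.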