I'm currently working on a portal using ASP.NET Core. One of the requirements is to create Azure AD users, and there are a couple of problems found on the way.
First, when trying to use the GraphClient SDK I get these compilation errors:
    Severity Code Description Project File Line Suppression State
    Error CS0012 The type 'IList<>' is defined in an assembly that is not referenced.
    You must add a reference to assembly 'System.Runtime, Version=4.0.0.0,
    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'. PTIWebPortal.Packages.Cloud.DNX 4.6
    D:\Eduardo\PTI Projects\PTIPortal\Portal\PTIPortal\PTIWebPortal.Packages.Cloud\CloudUserManager.cs 40 Active

That one happens when trying to set the OtherMails property of the object:

    newUser.OtherMails = new System.Collections.Generic.List();
The other compilation error is:

    Severity Code Description Project File Line Suppression State
    Error CS0012 The type 'Uri' is defined in an assembly that is not referenced.
    You must add a reference to assembly 'System.Runtime, Version=4.0.0.0,
    Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'.
    PTIWebPortal.Packages.Cloud.DNX 4.6
    D:\Eduardo\PTI Projects\PTIPortal\Portal\PTIPortal\PTIWebPortal.Packages.Cloud\CloudUserManager.cs 43 Active

This one happens when trying to instantiate the ActiveDirectoryClient:

    ActiveDirectoryClient adClient = new ActiveDirectoryClient(serviceRoot, null);
I think these two errors are due to the SDKs not yet being fully compatible with .NET Core, since there is already a Uri type which I'm already using, which is a different version:

    // Generated by .NET Reflector from C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

I was spending too much time on it, so I decided to try using Microsoft Graph, but I keep getting a "Forbidden" response even after adding Read and Write Directory Data to the application in Azure AD. This is the current code for that:
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Linq;

    // Settings, Json, UserInfo and v10Version() are defined elsewhere in the project.
    public static readonly string CreateUserUrl = @"https://graph.microsoft.com/{0}/users";

    public static async Task<UserInfo> CreateUser(string accessToken, UserInfo pUser)
    {
        using (var client = new HttpClient())
        {
            using (var request = new HttpRequestMessage(HttpMethod.Post, Settings.CreateUserUrl.v10Version()))
            {
                request.Headers.Accept.Add(Json);
                // The bearer token must carry a permission that allows writing users.
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
                var userData = new
                {
                    accountEnabled = true,
                    displayName = pUser.DisplayName,
                    mailNickname = pUser.Username,
                    passwordProfile = new
                    {
                        password = pUser.Password,
                        forceChangePasswordNextSignIn = false
                    },
                    userPrincipalName = string.Format("{0}@{1}", pUser.Username, pUser.Domain)
                };
                string serializedData = JsonConvert.SerializeObject(userData);
                request.Content = new StringContent(serializedData, System.Text.Encoding.UTF8, "application/json");
                //https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/users-operations
                //http://stackoverflow.com/questions/35845541/microsoft-graph-rest-api-add-attachment-to-email-using-c-sharp-asp-net-mvc
                using (var response = await client.SendAsync(request))
                {
                    // A successful create returns 201 Created, not 200 OK, so accept any 2xx status.
                    if (response.IsSuccessStatusCode)
                    {
                        var json = JObject.Parse(await response.Content.ReadAsStringAsync());
                        //myInfo.DisplayName = json?["displayName"]?.ToString();
                        //myInfo.MailAddress = json?["mail"]?.ToString().Trim().Replace(" ", string.Empty);
                        //myInfo.Department = json?["department"]?.ToString();
                        //myInfo.PhotoBytes = await GetUserPhotoAsync(accessToken, json?["userPrincipalName"]?.ToString());
                    }
                }
            }
        }
        return pUser;
    }

Note: I am already able to log in as an Azure AD User, and I'm also able to get information using Microsoft Graph.
Any ideas what I could do to resolve either of the two problems?
If you add this to project.json under dependencies it should fix the compatibility issue:

    "Microsoft.NETCore.Portable.Compatibility": "1.0.1"

To fix the compilation error for "The type 'IList<>' is defined in an assembly that is not referenced. You must add a reference to assembly" you should add the following into web.config:

    <assemblies>
      <add assembly="System.Runtime, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
    </assemblies>

This will resolve the first error.
Regarding the second error, try to make sure to set the right permissions in your Azure AD registration so you have read and write permissions.
Hope this helps.
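
Added example, not part of the original question or answers: a diagnostic for the "Forbidden" response discussed above, which decodes the access token's payload (without validating the signature) and reports whether it carries a permission that allows creating users. The class and method names are hypothetical, the sample tokens are constructed, and the `scp`/`roles` claim names and the permission names `User.ReadWrite.All` and `Directory.ReadWrite.All` are assumptions taken from Microsoft Graph documentation rather than from this page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Newtonsoft.Json.Linq;

public static class TokenPermissionCheck   // hypothetical helper, not from the page
{
    // Permissions that allow POST /users (assumption: per Microsoft Graph documentation).
    static readonly string[] Required = { "User.ReadWrite.All", "Directory.ReadWrite.All" };

    // Decodes the JWT payload for diagnostics only; the signature is NOT validated here.
    public static JObject DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Not a compact JWT (expected 3 segments).");
        string s = parts[1].Replace('-', '+').Replace('_', '/');   // base64url -> base64
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');    // restore stripped padding
        return JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(s)));
    }

    // Delegated permissions arrive in "scp" (space separated), app-only ones in "roles" (array).
    public static IEnumerable<string> GrantedPermissions(JObject payload)
    {
        var scp = ((string)payload["scp"] ?? "").Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        var arr = payload["roles"] as JArray;
        var roles = arr == null ? Enumerable.Empty<string>() : arr.Select(r => (string)r);
        return scp.Concat(roles);
    }

    public static bool CanCreateUsers(string jwt) =>
        GrantedPermissions(DecodePayload(jwt)).Intersect(Required, StringComparer.OrdinalIgnoreCase).Any();

    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample tokens with a fake signature, built inline so the example runs offline.
        string header = B64Url("{\"alg\":\"none\"}");
        string readOnly = header + "." + B64Url("{\"scp\":\"User.Read Directory.Read.All\"}") + ".sig";
        string readWrite = header + "." + B64Url("{\"roles\":[\"Directory.ReadWrite.All\"]}") + ".sig";
        Console.WriteLine("read-only token can create users: " + CanCreateUsers(readOnly));
        Console.WriteLine("read-write token can create users: " + CanCreateUsers(readWrite));
    }
}
```

The claims are fixed when the token is issued, so a token acquired before the permission was granted and consented keeps failing this check until a new one is requested.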