
How to get list of Users from my Azure AD B2C in asp net core mvc app?

How to get list of Users from my Azure AD B2C in asp net core mvc application?

asked Jan 01 '23 12:01

Dmitry


2 Answers

You can use Azure Graph API to fetch all your users. Try the code below in a .NET Core console app:

using Newtonsoft.Json;
using System;
using System.Net.Http;
using System.Text;

namespace ConsoleApp6
{
    class Program
    {
        static void Main(string[] args)
        {

            var tenantID = "<your tenant ID>";
            var clinetID = "<your app id>";
            var client_secret = "<your app password>";

            HttpClient client = new HttpClient();
            
            //get access token from Azure AD 
            var reqContent = @"grant_type=client_credentials&resource=https://graph.microsoft.com&client_id="+ clinetID + "&client_secret="+ System.Web.HttpUtility.UrlEncode(client_secret);
            var Content = new StringContent(reqContent, Encoding.UTF8, "application/x-www-form-urlencoded");
            var response = client.PostAsync("https://login.microsoftonline.com/"+ tenantID + "/oauth2/token", Content).Result;
            var token = JsonConvert.DeserializeObject<TokenResult>(response.Content.ReadAsStringAsync().Result);
           
            //Use access token to call microsoft graph api 
            client.DefaultRequestHeaders.Add("Authorization", "Bearer " + token.access_token);
            Console.WriteLine(client.GetAsync("https://graph.microsoft.com/v1.0/users").Result.Content.ReadAsStringAsync().Result); 
            
            Console.ReadKey();

        }
    }

    class TokenResult
    {
        public string token_type { get; set; }
        public string expires_in { get; set; }
        public string ext_expires_in { get; set; }
        public string expires_on { get; set; }
        public string not_before { get; set; }
        public string resource { get; set; }
        public string access_token { get; set; }
    }

}

To run this code, you should register an app in your B2C tenant and grant read user permissions to it: Azure Active Directory => App registrations (Legacy) => New application registration.

Note the app id, create a password for your app and note it.

Replace the value of clinetID with the app id and replace the value of client_secret with the password here.

Grant read users permission to your app.

Click the "Grant permissions" button after you select permissions for your app.

If you have any further concerns, please feel free to let me know.

answered Jan 03 '23 00:01

Stanley Gong
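
An added example, not part of the answer above: the same client-credentials call, but reading the credentials from the environment, checking each HTTP status, requesting only two attributes, and following `@odata.nextLink` so that every page of users is read rather than only the first. It assumes .NET Core 3.0 or later, an app registration that has been granted application permission to read users on Microsoft Graph, and three environment variable names (`B2C_TENANT_ID`, `B2C_CLIENT_ID`, `B2C_CLIENT_SECRET`) that are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

class ListAllUsers
{
    static readonly HttpClient Http = new HttpClient();
    // Hypothetical variable names; credentials come from the environment, not from source.
    static string Env(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Set the {name} environment variable.");

    static async Task<string> GetTokenAsync()
    {
        // v2.0 token endpoint with scope= (the answer uses the v1 endpoint with resource=).
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = Env("B2C_CLIENT_ID"),
            ["client_secret"] = Env("B2C_CLIENT_SECRET"),
            ["scope"] = "https://graph.microsoft.com/.default"
        });
        var url = $"https://login.microsoftonline.com/{Env("B2C_TENANT_ID")}/oauth2/v2.0/token";
        using var resp = await Http.PostAsync(url, form);
        resp.EnsureSuccessStatusCode(); // do not parse an error body as if it were a token
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        return doc.RootElement.GetProperty("access_token").GetString();
    }
    static async Task Main()
    {
        Http.DefaultRequestHeaders.Authorization =
            new AuthenticationHeaderValue("Bearer", await GetTokenAsync());
        // $select limits which directory attributes leave the tenant.
        var next = "https://graph.microsoft.com/v1.0/users?$select=id,displayName&$top=100";
        while (next != null)
        {
            using var resp = await Http.GetAsync(next);
            resp.EnsureSuccessStatusCode();
            using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
            foreach (var u in doc.RootElement.GetProperty("value").EnumerateArray())
                Console.WriteLine($"{u.GetProperty("id").GetString()}\t{u.GetProperty("displayName").GetString()}");
            // The next-page URL is present only while more users remain.
            next = doc.RootElement.TryGetProperty("@odata.nextLink", out var link) ? link.GetString() : null;
        }
    }
}
```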


Please reference the Azure Graph API.

From the document:

The Azure Active Directory Graph API provides programmatic access to Azure AD through REST API endpoints. Applications can use Azure AD Graph API to perform create, read, update, and delete (CRUD) operations on directory data and objects. For example, Azure AD Graph API supports the following common operations for a user object:

  • Create a new user in a directory
  • Get a user’s detailed properties, such as their groups
  • Update a user’s properties, such as their location and phone number, or change their password
  • Check a user’s group membership for role-based access
  • Disable a user’s account or delete it entirely

https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api

And here is a demo project which shows you how to list all users in your Azure B2C directory:

https://github.com/AzureADQuickStarts/B2C-GraphAPI-DotNet/blob/master/B2CGraphClient/B2CGraphClient.cs#L43-L110

answered Jan 03 '23 02:01

Anduin