How to get and display the user photo with Graph SDK for .Net in a WPF application

Occasionally, we get requests asking how to get the user photo using the Graph SDK. This blog post will show you how to do that in a WPF application but I will also show you a method for getting the photo and saving it to disk with a .Net console application. You can download the sample project here: https://github.com/RayGHeld/GraphClient_GetUserPhoto This project also utilizes the Authentication Provider code in this blog…

Read More

Using Azure Management Libraries for .NET to manage Azure AD users, groups, and RBAC Role Assignments

In this blog, we will use Azure SDK for .NET to perform the following tasks: Create an Azure Active Directory (Azure AD) user, query for the created user, and delete the user. Create an Azure AD group, query for the created group, and delete the group. Add a user to the group’s members. Create an Role-based Access Control (RBAC) Role Assignment: we will assign the group created above ‘Storage Blob…

Read More

Control access to your apps in Azure AD

We get this kind of question all the time. It comes in many variations and forms like… “I only want to consent for some users to access the app.” “I only want my service account to access this app” Before we get started… First and foremost, only consenting for allowed users is not the solution. This is not the purpose for consent. Consent is to inform a user or admin…

Read More

Troubleshooting consent in Azure AD

This is a general guide for troubleshooting consent in Azure AD. It will help resolve majority of the consent related scenarios (Not all of them). In general, the application is trying to sign-in or get an access token for a resource which has not been consented by the user or admin. In general, you want to make sure all of the permissions needed by the application have been consented to.…

Read More

Implement Client Credentials flow for Graph Java Client

In my previous article , I showed you how to modify our great Graph Client for Java sample to add some additional options for things like filtering, setting the max retries for 429 errors, etc.  That sample uses the Oauth2 Device Code flow.  In this article, I will show you how to convert that and use the Client Credentials Flow.  Although, you will not be able to retrieve the same…

Read More

Using PowerShell to get Azure AD audit logs

In my previous blog, I talked about how to use PowerShell with Microsoft Graph Reporting API. In that blog, I used the Client Credentials grant flow to acquire an access token for Microsoft Graph against the V1 endpoint. Also the code sample in that blog only works if all the reporting data result set is small. In this blog I’ll discuss how to get a Microsoft Graph access token using…

Read More

Configuring Options and MaxRetries for Graph Java Client

We have a great Java Graph SDK sample in our tutorial document located here.  Pay special attention to the versions as not having the correct version of the prerequisites will give you difficulty! The sample will run a console application and uses the Oauth2 Device Code flow for authentication.  Once it compiles and runs, you will get a message like this for the device code flow sign in:  “To sign…

Read More

Some notes regarding the Microsoft Graph Subscription and webhook

For certain Azure AD resources or Directory Objects you can use Microsoft Graph to create Subscriptions to receive change notifications event. Below are some notes to be aware of: Subscription object Lifetime Each subscription object (except for Security alerts) is only valid for 3 days maximum, so make sure you renew the subscription before it expires to keep receiving change notifications. See https://docs.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0 for more detail on maximum subscription length…

Read More

Receiving error WIF10201: No valid key mapping found for securityToken

Customer has an ASP.Net MVC application using both WS-Federation OWIN middleware and Windows Identity Foundation (WIF) to authenticate to Azure AD. The application works fine initially and then fails with the following error: Error Details:Server Error in ‘/’ Application.WIF10201: No valid key mapping found for securityToken: ‘System.IdentityModel.Tokens.X509SecurityToken’ and issuer: ‘https://sts.windows.net/<Directory ID>/’. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for…

Read More

Graph Client Authentication Provider

The Graph Client Authentication Providers allows for each authentication to the graph endpoint implementing a variety of OAUTH2 flows.  I will demonstrate the use of this library in c# code based on this GitHub. Previously, you had to build your own Authentication Provider ( see my creation of the client credentials provider in a vb.net application here ) .  This library will allow you to use the following flows: Confidential…

Read More