7

I'm using MVC5 + C# and I give my users the option to log in to my website with an external login (Facebook, Google, ...).

I'm trying to add Microsoft Live as a new provider. But I don't see any option to get the email address of the connected user.

I'm getting these claims when a Microsoft user connects ("KEY | VALUE"):

```
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | *****************
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | test
http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider | ASP.NET Identity
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | **************
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | ****************
urn:microsoftaccount:id | ****************
urn:microsoftaccount:name | ****************
urn:microsoftaccount:access_token | **************************************************************
```

Is there any option to get the email address of the user, using this information?

John Saunders
No1Lives4Ever
  • Short answer: [no](http://stackoverflow.com/questions/3170341/does-hotmail-or-windows-live-id-support-openid-authentication/6990971#6990971) – Bora Dec 12 '13 at 12:59
  • Unlike forum sites, we don't use "Thanks", or "Any help appreciated", or signatures on [so]. See "[Should 'Hi', 'thanks,' taglines, and salutations be removed from posts?](http://meta.stackexchange.com/questions/2950/should-hi-thanks-taglines-and-salutations-be-removed-from-posts)". – John Saunders Dec 12 '13 at 13:06

2 Answers

13

Yes, there is. After several hours of trying I managed to get it working like this:

Code in startup.Auth.cs

```csharp
var ms = new Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationOptions();
// Request the scopes that expose the basic profile and the e-mail addresses.
ms.Scope.Add("wl.emails");
ms.Scope.Add("wl.basic");
ms.ClientId = "xxxxxxxxxxxxxxxxxxxxxx";
ms.ClientSecret = "yyyyyyyyyyyyyyyyyyyyy";
ms.Provider = new Microsoft.Owin.Security.MicrosoftAccount.MicrosoftAccountAuthenticationProvider()
{
    OnAuthenticated = async context =>
    {
        // Keep the access token as a claim on the external identity.
        context.Identity.AddClaim(new System.Security.Claims.Claim("urn:microsoftaccount:access_token", context.AccessToken));

        // Copy every field of the returned user profile into a urn:microsoftaccount:* claim.
        foreach (var claim in context.User)
        {
            var claimType = string.Format("urn:microsoftaccount:{0}", claim.Key);
            string claimValue = claim.Value.ToString();
            if (!context.Identity.HasClaim(claimType, claimValue))
                context.Identity.AddClaim(new System.Security.Claims.Claim(claimType, claimValue, "XmlSchemaString", "Microsoft"));
        }
    }
};

app.UseMicrosoftAccountAuthentication(ms);
```

Code in AccountController.cs, in function ExternalLoginCallback to retrieve the email address:

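```csharp
// Requires: using System; using System.Linq;
string Email = string.Empty;

var externalIdentity = await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
// externalIdentity is null when no external sign-in cookie is present, so guard before reading claims.
var emailClaim = externalIdentity == null ? null : externalIdentity.Claims.FirstOrDefault(x => x.Type.Equals(
                                                    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                                                    StringComparison.OrdinalIgnoreCase));
Email = emailClaim == null ? null : emailClaim.Value;
```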
Tech
  • Great answer. Unfortunately for me, my project is in MVC4 and we are not using OWIN but OAuth, so do you have a similar solution for OAuth? – Jay Aug 05 '14 at 02:00
0

For anyone running into this issue with adding a Microsoft login to your site:

I found that I can only get the email address of my Microsoft Work/School account. I made a Microsoft account with my @gmail.com address and one that is @outlook.com. Both do not have any email information associated when I query their information. However, for eligible addresses, you can get email information by doing a GET request to:

https://apis.live.net/v5.0/me?access_token=ACCESS_TOKEN

Where ACCESS_TOKEN is that which an authenticated user will provide to you*. For more information on this API, you can see this link: https://msdn.microsoft.com/en-us/library/office/dn659736.aspx

Basically, making a call to the Microsoft Live API (apis.live.net) will give you the information that the user has given you access to (so if you have enabled the wl.emails scope in your app, you should see their email address).

*Alternatively, when a user logs into your site with a Microsoft login, their requests to your site will have a header which contains both the access token and possibly their email address (email address is under the header "X-MS-CLIENT-PRINCIPAL-NAME", access token is also in the HTTP headers under "X-MS-TOKEN-MICROSOFT-ACCESS-TOKEN").

Augustine C
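Added example (not part of either answer, and not code from the OWIN/Katana project): a helper that reads the address out of the `emails` object of the Live `/me` profile when `wl.emails` was granted, tolerates the missing or empty case the second answer describes, and stores it under the standard e-mail claim type that the `ExternalLoginCallback` snippet looks up. `LiveProfile`, `ExtractEmail`, `AddEmailClaim`, the preference order, the assumed `emails` layout (`preferred`, `account`, `personal`, `business`) and the sample JSON are assumptions of this example; it needs the Newtonsoft.Json package.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Newtonsoft.Json.Linq;

public static class LiveProfile
{
    // Returns the first non-empty address in the "emails" object, or null.
    // The preference order is this example's choice, not a documented rule.
    public static string ExtractEmail(JObject user)
    {
        var emails = user == null ? null : user["emails"] as JObject;
        if (emails == null) return null; // scope not granted, or no e-mail data returned
        return new[] { "preferred", "account", "personal", "business" }
            .Select(key => emails[key] as JValue)
            .Select(v => v == null ? null : v.Value as string)
            .FirstOrDefault(s => !string.IsNullOrWhiteSpace(s));
    }

    // Adds the standard e-mail claim once; returns false when nothing was added.
    public static bool AddEmailClaim(ClaimsIdentity identity, JObject user)
    {
        var email = ExtractEmail(user);
        if (email == null || identity.HasClaim(c => c.Type == ClaimTypes.Email)) return false;
        identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, "Microsoft"));
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample profiles, not captured responses.
        var withEmail = JObject.Parse(@"{""id"":""0000"",""name"":""test"",""emails"":
            {""preferred"":null,""account"":""user@example.com"",""personal"":null,""business"":null}}");
        var withoutEmail = JObject.Parse(@"{""id"":""0000"",""name"":""test""}");

        foreach (var user in new[] { withEmail, withoutEmail })
        {
            var identity = new ClaimsIdentity("ExternalCookie");
            bool added = LiveProfile.AddEmailClaim(identity, user);
            var claim = identity.FindFirst(ClaimTypes.Email);
            Console.WriteLine("{0}: {1}", added, claim == null ? "(no email)" : claim.Value);
        }
    }
}
```

Inside the `OnAuthenticated` callback from the first answer, the call would be `LiveProfile.AddEmailClaim(context.Identity, context.User)`.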