4

I have a simple website, hosted on Azure App Services, where I enabled AAD authentication following the express setting as recommended here and it is correctly working.

Now I would like to show on navigation bar the username / email of current logged in user. How should I do?

App is developed in C# Asp.Net Core 1.0.4

Thank you very much

Giuly
  • 55
  • 1
  • 5
  • Are you using a (helper) library (like `Microsoft.VisualStudio.Services.Client`) or directly interacting over HTTP? – Richard Jan 22 '19 at 12:01
  • 1
    But I suspect you'll need to examine the result from authenticating and remember that information yourself. – Richard Jan 22 '19 at 12:13

3 Answers3

3

You are using Authentication and authorization in Azure App Service .

App Service passes user claims to your application by using special headers. External requests aren't allowed to set these headers, so they are present only if set by App Service. Some example headers include:

  • X-MS-CLIENT-PRINCIPAL-NAME
  • X-MS-CLIENT-PRINCIPAL-ID
  • X-MS-TOKEN-AAD-ID-TOKEN
  • X-MS-TOKEN-AAD-ACCESS-TOKEN

reference : https://learn.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#access-user-claims

Code that is written in any language or framework can get the information that it needs from these headers. For ASP.NET 4.6 apps, the ClaimsPrincipal is automatically set with the appropriate values.

Your application can also obtain additional details on the authenticated user by calling /.auth/me.

But currently seems ASP.NET Core does not support flowing identity info from an IIS module (like Easy Auth) to the app code . See discussion here .

I haven't test that in current days . But you can always get user's name , token information from above headers . If you want to get more user's claims , you can make a server-side request to the in-build endpoint /.auth/me to retrieve the claims .

You can write custom middlerware to populate the User property in .net Core :

https://stackoverflow.com/a/42270669/5751404

Nan Yu
  • 26,101
  • 9
  • 68
  • 148
  • What do you mean with "you can make a server-side request to the in-build endpoint /.auth/me to retrieve the claims"? – Giuly Jan 23 '19 at 14:13
  • 1
    @Giuly , directly make a Http get request to `https://yourAzureWebsiteUrl/.auth/me` – Nan Yu Jan 24 '19 at 01:16
0

You can use ClaimsPrincipal to get the identity.

from Azure Guide

 Claim displayName = ClaimsPrincipal.Current.FindFirst(ClaimsPrincipal.Current.Identities.First().NameClaimType);
ViewBag.DisplayName = displayName != null ? displayName.Value : string.Empty;
karthickj25
  • 1,207
  • 9
  • 16
  • It doesn't work in my case (Authentication and authorization enabled in Azure App Service) – Giuly Jan 23 '19 at 14:08
0

In a simple web site as you stated; make sure your controller is inheriting from Controller.

[Authorize]
public class MyController : Controller

And then simply use 

protected string userName => User?.Identity?.Name ?? "Unnamed User";

Then use use userName. It will return the AD user's login/email name

KenL
  • 865
  • 5
  • 14
  • It doesn't work in my case (Authentication and authorization enabled in Azure App Service) – Giuly Jan 23 '19 at 14:08