To complete this sample you need the following:
- Complete the Base Console Application Setup
- Visual Studio Code installed on your development machine. If you do not have Visual Studio Code, visit the previous link for download options. (Note: This tutorial was written with Visual Studio Code version 1.52.1. The steps in this guide may work with other versions, but that has not been tested.)
- .NET Core SDK. (Note: This tutorial was written with .NET Core SDK 5.0.101. The steps in this guide may work with other versions, but that has not been tested.)
- C# extension for Visual Studio Code
- Either a personal Microsoft account with a mailbox on Outlook.com, or a Microsoft work or school account.
If you don't have a Microsoft account, there are a couple of options to get a free account:
- You can sign up for a new personal Microsoft account.
- You can sign up for the Office 365 Developer Program to get a free Office 365 subscription.
Because this exercise requires new permissions, the App Registration needs to be updated to include the User.ReadWrite.All permission using the new Azure AD Portal App Registrations UI.
- Open a browser and navigate to the Azure AD Portal. Log in using a personal account (aka Microsoft Account) or a Work or School Account with permissions to create app registrations.
  Note: If you do not have permissions to create app registrations, contact your Azure AD domain administrators.
- Select Azure Active Directory from the left-hand navigation menu, then App registrations.
- Click on the .NET Core Graph Tutorial item in the list.
  Note: If you used a different name while completing the Base Console Application Setup, select that instead.
- Click API permissions from the current page.
- Back on the API permissions content blade, click Grant admin consent for <name of tenant>.
- Click Yes.
In this step you will create a UserHelper class that encapsulates the logic for creating users and finding user objects by alias, and then add calls to the console application created in the Base Console Application Setup to provision a new user.
- Create a new file in the Helpers folder called UserHelper.cs.
- Replace the contents of UserHelper.cs with the following code:

  ```csharp
  using System;
  using System.Collections.Generic;
  using System.Threading.Tasks;
  using Microsoft.Graph;

  namespace ConsoleGraphTest
  {
      public class UserHelper
      {
          private GraphServiceClient _graphClient;

          public UserHelper(GraphServiceClient graphClient)
          {
              if (null == graphClient) throw new ArgumentNullException(nameof(graphClient));
              _graphClient = graphClient;
          }

          // Creates a new, enabled user in the tenant.
          public async Task CreateUser(string displayName, string alias, string domain, string password)
          {
              var userToAdd = BuildUserToAdd(displayName, alias, domain, password);
              await _graphClient.Users.Request().AddAsync(userToAdd);
          }

          // Loads exactly one user by mailNickname using an OData $filter.
          public async Task<User> FindByAlias(string alias)
          {
              if (null == alias) throw new ArgumentNullException(nameof(alias));

              // Double any single quote so the alias cannot end the OData string literal early.
              string escapedAlias = alias.Replace("'", "''");
              List<QueryOption> queryOptions = new List<QueryOption>
              {
                  new QueryOption("$filter", $@"mailNickname eq '{escapedAlias}'")
              };

              var userResult = await _graphClient.Users.Request(queryOptions).GetAsync();
              if (userResult.Count != 1) throw new ApplicationException($"Unable to find a user with the alias {alias}");
              return userResult[0];
          }

          // Builds the minimal user profile; the password must be changed at first sign-in.
          private static User BuildUserToAdd(string displayName, string alias, string domain, string password)
          {
              var passwordProfile = new PasswordProfile
              {
                  Password = password,
                  ForceChangePasswordNextSignIn = true
              };
              var user = new User
              {
                  DisplayName = displayName,
                  UserPrincipalName = $@"{alias}@{domain}",
                  MailNickname = alias,
                  AccountEnabled = true,
                  PasswordProfile = passwordProfile
              };
              return user;
          }
      }
  }
  ```

  This class contains the code to create a minimal user profile given the alias, domain, display name and password for a new user account and a method to load a user object from Microsoft Graph given an alias.
- Inside the Program class add a new method CreateAndFindNewUser with the following definition. This method creates a new User in Azure Active Directory using the UserHelper class. This user will be enabled and will be required to change their password upon their next login.

  ```csharp
  private static void CreateAndFindNewUser(IConfigurationRoot config)
  {
      const string alias = "sdk_test";
      string domain = config["domain"];
      var userHelper = new UserHelper(_graphServiceClient);
      userHelper.CreateUser("SDK Test User", alias, domain, "ChangeThis!0").GetAwaiter().GetResult();
      var user = userHelper.FindByAlias(alias).GetAwaiter().GetResult();
      // Console writes for demo purposes
      Console.WriteLine(user.DisplayName);
      Console.WriteLine(user.UserPrincipalName);
  }
  ```

  Important: the value supplied as the alias must be unique for your Azure Active Directory tenant.
- Continuing in the Main method, add the following code to call the new method.

  ```csharp
  CreateAndFindNewUser(config);
  ```
- Save all files.
The console application is now able to provision new users into Azure Active Directory. In order to test the console application run the following commands from the command line:
```shell
dotnet build
dotnet run
```
After running this you have provisioned a new user into Azure Active Directory and are able to locate that newly added user account using an OData $filter.
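The sample passes a fixed initial password to CreateUser, so the enabled account carries a published value until its first sign-in. As an added example (not part of the original tutorial; the class name TempPassword and its character sets are assumptions), this stand-alone program generates a random temporary password from the operating system's CSPRNG:

```csharp
using System;
using System.Security.Cryptography;

// Added example, not code from the original sample.
// TempPassword is a hypothetical helper name; the alphabets are an assumption.
public static class TempPassword
{
    private const string Upper = "ABCDEFGHJKLMNPQRSTUVWXYZ";   // look-alikes I and O left out
    private const string Lower = "abcdefghijkmnpqrstuvwxyz";   // look-alikes l and o left out
    private const string Digits = "23456789";                  // look-alikes 0 and 1 left out
    private const string Symbols = "!#$%*+-=?@";
    private static readonly string[] Classes = { Upper, Lower, Digits, Symbols };

    public static string Generate(int length = 20)
    {
        if (length < Classes.Length)
            throw new ArgumentOutOfRangeException(nameof(length), "Need at least one character per class.");

        string all = string.Concat(Classes);
        var chars = new char[length];

        // One character from each class so common complexity rules are met.
        for (int i = 0; i < Classes.Length; i++)
            chars[i] = Pick(Classes[i]);
        // Remaining positions are drawn from the full alphabet.
        for (int i = Classes.Length; i < length; i++)
            chars[i] = Pick(all);

        // Fisher-Yates shuffle so the guaranteed characters do not sit in fixed positions.
        for (int i = length - 1; i > 0; i--)
        {
            int j = RandomNumberGenerator.GetInt32(i + 1);
            (chars[i], chars[j]) = (chars[j], chars[i]);
        }
        return new string(chars);
    }

    // RandomNumberGenerator.GetInt32 draws an unbiased index from the OS CSPRNG.
    private static char Pick(string alphabet) =>
        alphabet[RandomNumberGenerator.GetInt32(alphabet.Length)];

    public static void Main()
    {
        // Shown once so it can be handed to the account owner out of band.
        Console.WriteLine(Generate());
    }
}
```

In the tutorial project, the value returned by Generate() would take the place of the "ChangeThis!0" literal in the call to CreateUser.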