microsoft graph api sdk 无法通过主体名称/电子邮件检索用户

Question

我收到以下错误：

代码：Request_ResourceNotFound
消息：资源“xxxx@xxxx.net”不存在或其查询的引用属性对象之一不存在。

我正在尝试使用图形 sdk 从我的 AD B2C 租户通过电子邮件检索用户，如下所示：

public static GraphServiceClient GetGraphServiceClient()
{
    var clientapp = ConfidentialClientApplicationBuilder
        .Create(Globals.ClientId)
        .WithTenantId(Globals.TenantId)
        .WithClientSecret(Globals.ClientSecret)                
        .Build();

    ClientCredentialProvider authProvider = new ClientCredentialProvider(clientapp);

    return new GraphServiceClient(authProvider);
}



public static async Task<User> GetADUserAsyncByEmail(string email)
        {
            var graphClient = GetGraphServiceClient();
            try
            {
                var user = await graphClient.Users[email].Request().GetAsync();
                return user;
            }
            catch(ServiceException ex)
            {
                return null;
            }
            catch( Exception ex)
            {
                return null;
            }
            
        }

Answer 1

您尝试获取的用户似乎对应于consumer user，如果是这样，则需要通过issuer 和issuerAssignedId 对其进行寻址，其中：

• issuer 是 B2C 租户名称
• issuerAssignedId 是用户帐户的电子邮件地址

例子

var tenant = "{tenant-prefix}.onmicrosoft.com";
var signInName = "username@facebook.com"; 
        
var users = await graphClient.Users
            .Request()
            .Filter($"identities/any(c:c/issuerAssignedId eq '{signInName}' and c/issuer eq '{tenant}')")
            .Select("displayName,id,userPrincipalName")
            .GetAsync();

 var foundUser = users.FirstOrDefault();
 

Refer an example来自官方文档