extending AAD schema


We explore, once again, the directory extensions project at

https://github.com/AzureADSamples/WebApp-GraphAPI-DirectoryExtensions-DotNet

Per the instructions, we configure the software to use an application, reusing the one from the last post (which explored group claims and graph objects). We use graphexplorer to learn the value of the appobjectid:

We use the clientid/clientsecret from the Azure portal's page about that application:

We build the project once we have managed the various NuGet dependencies (by adding them to the projects).

While the project doesn't seem to work (on Windows 10 beta) the first time, we do see that it can obtain credentials as we debug.

To debug, we first figure out that we need to alter the canned user for our tenant (hardcoded to be "admin").

Since we get a runtime error related to extensions binding, we note next that there are no extensions for this user class (which PERHAPS explains the issue).

See https://graph.windows.net/rapmlsqa.com/applications/4079c44a-e4c0-4e45-9ec3-e11d7f259f74/extensionProperties (SEE BELOW FOR NOTES ON THIS TOPIC).

Anyway, we fiddle around and eventually get the form to load for the default user. We then add a form parameter so we can focus on our chosen user:

Some notes: we add application permissions, which may or may NOT be relevant...

We also learned that the appobjectid is the objectid value from the graphexplorer view. We amend our project.

We can now look at graph extensions in the graphexplorer site, and we can also run the tool to create new schema extensions:

Having created skypeid as a user class extension property and allowed this application to use it, we can populate a value for the rapstaff user using a form that keys off the schema/metadata of the (now extended) user class:
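
The steps above (registering an extension on the User class through the application's extensionProperties endpoint, then writing a value for one user) are summarised in the following added example. It is not code from the AzureADSamples project; it assumes the Azure AD Graph (graph.windows.net) conventions that the full property name becomes extension_{appId without dashes}_{name}, that the URL path uses the application's objectId while the property name uses the application's appId (client id), that String values are capped at 256 characters, and that api-version=1.6 is used. The tenant, ids, user and response below are constructed sample values; nothing is sent over the network.

```python
"""Offline helper for Azure AD Graph directory extension properties.

Added example, not code from the AzureADSamples project. Assumed conventions:
 - register:  POST /{tenant}/applications/{appObjectId}/extensionProperties
 - full name: extension_{appId without dashes}_{name}
 - write:     PATCH /{tenant}/users/{upn} with {fullName: value}
All ids, tenant and the sample response are constructed values.
"""
import json
import re

GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "1.6"          # assumed; the URL quoted in the post omits it
MAX_STRING_LEN = 256         # String extension values are limited to 256 characters
EXT_NAME_RE = re.compile(r"^extension_([0-9a-f]{32})_([A-Za-z0-9]+)$")


def extension_property_name(app_id: str, name: str) -> str:
    """Full directory-extension name. Built from the application's appId
    (client id), NOT from the objectId that appears in the URL path; mixing the
    two up is the kind of confusion noted in the post."""
    return f"extension_{app_id.replace('-', '')}_{name}"


def is_registered_by(full_name: str, app_id: str) -> bool:
    """Check that a property name was minted for the given application."""
    m = EXT_NAME_RE.match(full_name)
    return bool(m) and m.group(1) == app_id.replace("-", "").lower()


def create_extension_request(tenant: str, app_object_id: str, name: str,
                             target: str = "User"):
    """URL and JSON body that register a String extension on the User class."""
    url = (f"{GRAPH_BASE}/{tenant}/applications/{app_object_id}"
           f"/extensionProperties?api-version={API_VERSION}")
    body = {"name": name, "dataType": "String", "targetObjects": [target]}
    return url, body


def set_user_extension_request(tenant: str, upn: str, full_name: str, value: str):
    """URL and PATCH body that store a value for one user. Oversized values are
    rejected locally rather than discovered as a service error."""
    if len(value) > MAX_STRING_LEN:
        raise ValueError(f"value exceeds {MAX_STRING_LEN} characters")
    url = f"{GRAPH_BASE}/{tenant}/users/{upn}?api-version={API_VERSION}"
    return url, {full_name: value}


def parse_extension_properties(response_json: str) -> dict:
    """Map short name -> full name from a GET .../extensionProperties response
    (the view linked in the post), validating the naming convention."""
    result = {}
    for item in json.loads(response_json)["value"]:
        m = EXT_NAME_RE.match(item["name"])
        if not m:
            raise ValueError(f"unexpected extension name: {item['name']}")
        result[m.group(2)] = item["name"]
    return result


# Constructed sample values (not taken from the post).
SAMPLE_TENANT = "contoso.onmicrosoft.com"
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_APP_OBJECT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_RESPONSE = json.dumps({"value": [
    {"objectType": "ExtensionProperty",
     "name": "extension_11111111222233334444555555555555_skypeid",
     "dataType": "String",
     "targetObjects": ["User"]}
]})

if __name__ == "__main__":
    url, body = create_extension_request(SAMPLE_TENANT, SAMPLE_APP_OBJECT_ID, "skypeid")
    print("POST", url, json.dumps(body))
    props = parse_extension_properties(SAMPLE_RESPONSE)
    print("registered by sample app:", is_registered_by(props["skypeid"], SAMPLE_APP_ID))
    url, body = set_user_extension_request(
        SAMPLE_TENANT, f"rapstaff@{SAMPLE_TENANT}", props["skypeid"], "rapstaff.skype")
    print("PATCH", url, json.dumps(body))
```

Two practical points follow from the shape of these requests: the clientsecret that authorises them lives in the sample's configuration file and should be treated like any other credential, and extension values are returned with the user object to any caller that can read users, so they are a place for profile data such as a Skype id, not for anything secret.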

Obviously, each MLS tenant can be its own “application” and receive different user class extensions, with local names, etc.

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in AAD.