Azure Question posted in
The official documentation to get you started can be found here.

How to Get Azure Authentication Details on SignIn Activities via Microsoft Graph

I need to fetch all details of the user signin activities via Microsoft Graph lib.
I gave all the permission(maybe further more)
I can get all information about signin activity but just Authentication Details are missing.

Please see the picture which one I indicate

enter image description here

Here is my code block to obtain all signin logs

var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "aaaaaa-bbbb-cccc-dddd-fffffff";

var clientId = "kkkkkkkk-zzzz-yyyy-xxxxx-ghhhhhhh";
var clientSecret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
var tenantName = "example.com";

var options = new TokenCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

// https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var clientSecretCredential = new ClientSecretCredential(tenantId, clientId, clientSecret, options);
var totalList = new List<Microsoft.Graph.Models.SignIn>();
GraphServiceClient graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var signIns = await graphClient.AuditLogs.SignIns.GetAsync();

var aulogs= await graphClient.AuditLogs.GetAsync();

How can I also obtain the Authentication Details ?
SignIn class has no such as Property.

Tags:

2

Answers


  1. 0

    Let‘s see the properties for the V1.0 List signin Graph API, there’s no Authentication Details property indeed, so that we don’t get it in the response should be the expected behavior.

    As a workaround, we might use the beta version API which containing the Authentication Details priperty. But APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. We’d better to continue to use the V1.0 version if possible.

    enter image description here

    Using Beta version Graph SDK requires us to use Microsoft.Graph.Beta package instead of Microsoft.Graph. Requires to pick the "Include prerelease" option.

    enter image description here

    But this API requires Microsoft Entra ID P1 or P2 license so that I can’t test for your..

    enter image description here

    Login or Signup to reply.
  2. 0

    Posting details proof of work @Tiny Wang,

    In v1.0 version of Microsoft Graph API, authenticationDetails property is not available in the response but it is available in beta version of Microsoft Graph API However, APIs in the /beta version of Microsoft Graph are still being developed and mostly not recommendable. It’s best to stick with the v1.0 version for production.

    For using Microsoft Graph APIBeta version need to have Microsoft Entra ID P1 or P2 licenses.

    Initially, I registered Microsoft Entra application, granted and consented Application type API Permissions AuditLog.Read.All and Directory.Read.All:

    enter image description here

    Make use of below C# code, To fetch SignIndetail for all users with property authenticationDetails:

    using Microsoft.Identity.Client;
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

public class Program
{
    private const string TenantId = "<tenant_id>";
    private const string ClientId = "<app_id>";
    private const string ClientSecret = "<client_secret>";
    private const string Scope = "https://graph.microsoft.com/.default";

    public static async Task Main(string[] args)
    {
        var accessToken = await GetAccessTokenAsync();
        Console.WriteLine($"Access Token: {accessToken}");

        var signInId = "YOUR_SIGNIN_ID";
        await GetSignInLogAsync(signInId, accessToken);
    }

    private static async Task<string> GetAccessTokenAsync()
    {
        IConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithClientSecret(ClientSecret)
            .WithAuthority(new Uri($"https://login.microsoftonline.com/{TenantId}"))
            .Build();

        var result = await app.AcquireTokenForClient(new[] { Scope }).ExecuteAsync();
        return result.AccessToken;
    }

    private static async Task GetSignInLogAsync(string signInId, string accessToken)
    {
        using var httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        var response = await httpClient.GetAsync($"https://graph.microsoft.com/beta/auditLogs/signIns");
        response.EnsureSuccessStatusCode();

        var content = await response.Content.ReadAsStringAsync();
        Console.WriteLine($"Sign-In Log: {content}");
    }
}

    Output:

    enter image description here

    enter image description here

    The maximum and default size is 1000 objects and by default the most recent signIns are returned first.

    Reference:

    Get signIn – Microsoft Graph beta | Microsoft Learn

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search