From the Azure management portal, you can only see the Object ID of a user in Active Directory.
![enter image description here](https://istack.dev59.com/yr5vD.webp)
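In C# code, however, if you have that user's JWT token, you can decode it as shown below and read any claim from it:

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
// Parses the token only; the signature is not validated here.
var token = new JwtSecurityToken(jwtToken);
var oid = token.Claims.FirstOrDefault(m => m.Type == "oid")?.Value;
var sub = token.Claims.FirstOrDefault(m => m.Type == "sub")?.Value;
```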
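However, if you do not have the user's username and password, you cannot obtain their JWT token from AAD.
Alternatively, you can use the AAD Graph API to get more detailed user information from AAD, but even the Azure Graph API has no "SUB" in its response, only the object ID.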
https://msdn.microsoft.com/en-us/library/azure/dn151678.aspx
Here is the response from a GET Users call using AAD Graph:

```json
{
  "odata.metadata": "https://graph.windows.net/contoso.onmicrosoft.com/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.User/@Element",
  "odata.type": "Microsoft.WindowsAzure.ActiveDirectory.User",
  "objectType": "User",
  "objectId": "4e971521-101a-4311-94f4-0917d7218b4e",
  "accountEnabled": true,
  "assignedLicenses": [],
  "assignedPlans": [],
  "city": null,
  "country": null,
  "department": null,
  "dirSyncEnabled": null,
  "displayName": "Alex Wu",
  "facsimileTelephoneNumber": null,
  "givenName": null,
  "jobTitle": null,
  "lastDirSyncTime": null,
  "mail": null,
  "mailNickname": "AlexW",
  "mobile": null,
  "otherMails": [],
  "passwordPolicies": null,
  "passwordProfile": null,
  "physicalDeliveryOfficeName": null,
  "postalCode": null,
  "preferredLanguage": null,
  "provisionedPlans": [],
  "provisioningErrors": [],
  "proxyAddresses": [],
  "state": null,
  "streetAddress": null,
  "surname": null,
  "telephoneNumber": null,
  "usageLocation": null,
  "userPrincipalName": "Alex@contoso.onmicrosoft.com"
}
```
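An added example, not part of the original answer: it reads `oid` and `sub` from a token while tolerating malformed input and missing claims, then matches `oid` against the `objectId` from the Graph response above. The class and method names, the unsigned sample token and its `sub` value are constructed for illustration, and the code assumes the `System.IdentityModel.Tokens.Jwt` NuGet package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;   // NuGet: System.IdentityModel.Tokens.Jwt
using System.Linq;
using System.Security.Claims;

static class OidLookup   // hypothetical helper, not from the answer
{
    // Reads "oid" and "sub" WITHOUT validating the signature: suitable for
    // display or correlation, not for authorization decisions.
    public static bool TryReadIds(string jwt, out string oid, out string sub)
    {
        oid = sub = null;
        var handler = new JwtSecurityTokenHandler();
        if (string.IsNullOrWhiteSpace(jwt) || !handler.CanReadToken(jwt))
            return false;                        // not a well-formed compact JWT
        var token = handler.ReadJwtToken(jwt);   // parse only, no validation
        oid = token.Claims.FirstOrDefault(c => c.Type == "oid")?.Value;
        sub = token.Claims.FirstOrDefault(c => c.Type == "sub")?.Value;
        return oid != null;                      // "oid" is the key shared with Graph
    }

    static void Main()
    {
        // Constructed sample: an unsigned token carrying the objectId shown
        // in the Graph response, plus a made-up "sub" value.
        var handler = new JwtSecurityTokenHandler();
        var sample = handler.WriteToken(new JwtSecurityToken(claims: new[]
        {
            new Claim("oid", "4e971521-101a-4311-94f4-0917d7218b4e"),
            new Claim("sub", "constructed-sub-value"),
        }));
        const string graphObjectId = "4e971521-101a-4311-94f4-0917d7218b4e";

        foreach (var candidate in new[] { sample, "not-a-jwt", "" })
        {
            if (!TryReadIds(candidate, out var oid, out var sub))
            {
                Console.WriteLine("unreadable token or no oid claim");
                continue;
            }
            bool match = string.Equals(oid, graphObjectId,
                                       StringComparison.OrdinalIgnoreCase);
            Console.WriteLine($"oid={oid} sub={sub} matchesGraphObjectId={match}");
        }
    }
}
```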