Helper I

Access PowerApps user in ApiController

How can I access the current User (Mail-Address) which uses a PowerApp in a custom Web Api (Restful/Swagger)? Is this possible? I could not find anything within the http header.

 

Thanks a lot!

Microsoft

Re: Access PowerApps user in ApiController

As part of x-ms-apim-token there is information about the currently logged in user that can be used for such information.

    {
      "$callerIdentity": {
        "objectId": "",
        "tenantId": "",
        "email": ""
      },
      "$connectionCreator": {   // optional
        "objectId": "",
        "tenantId": "",
        "upn": ""
      }
    }
Helper I

Re: Access PowerApps user in ApiController

Ok, that is working. But how can I validate the origin of the data?

 

For someone who is interested in this:

 

    public class GetXMSApiMToken
    {
        [Newtonsoft.Json.JsonProperty(PropertyName ="sku")]
        public string SKU
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "$ConnectionKey")]
        public string ConnectionKey
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "$callerIdentity")]
        public CallerIdentity CallerIdentity
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "$connectionCreator")]
        public ConnectionCreator ConnectionCreator
        {
            get;
            set;
        }
    }

    public class CallerIdentity
    {
        [Newtonsoft.Json.JsonProperty(PropertyName = "objectid")]
        public string ObjectId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "tenantid")]
        public string TenantId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "email")]
        public string EMail
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "prinicipaltype")]
        public string PrinicipalType
        {
            get;
            set;
        }
    }

    public class ConnectionCreator
    {
        [Newtonsoft.Json.JsonProperty(PropertyName = "objectid")]
        public string ObjectId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "tenantid")]
        public string TenantId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "userPrincipalName")]
        public string UserPrincipalName
        {
            get;
            set;
        }
    }

And:

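        // Requires: using System; using System.Collections.Generic; using System.Linq;
        //           using System.Text; using Newtonsoft.Json;

        /// <summary>
        /// Get Microsoft authentication token / API token
        /// </summary>
        /// <returns>Token if in header, else null</returns>
        public GetXMSApiMToken GetXMSApiMToken()
        {
            if (Request != null && Request.Headers != null)
            {
                IEnumerable<string> _values = null;
                if (Request.Headers.TryGetValues("X-MS-APIM-Tokens", out _values))
                {
                    var values = _values.ToList();
                    if (values.Count() > 0)
                    {
                        try
                        {
                            // The header value is Base64-encoded JSON; it is only decoded here, not verified.
                            var json = Encoding.UTF8.GetString(Convert.FromBase64String(values[0]));

                            return JsonConvert.DeserializeObject<GetXMSApiMToken>(json);
                        }
                        catch (FormatException) { return null; }   // header is not valid Base64
                        catch (JsonException) { return null; }     // decoded text is not valid JSON
                    }
                }
            }

            return null;
        }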
Helper I

Re: Access PowerApps user in ApiController

Is there a possibility to prove the origin of the data for such an object:

    {
      "$callerIdentity": {
        "objectId": "",
        "tenantId": "",
        "email": ""
      },
      "$connectionCreator": {   // optional
        "objectId": "",
        "tenantId": "",
        "upn": ""
      }
    }

E.g. validate the objectId, ...

Microsoft

Re: Access PowerApps user in ApiController

Do you mean to check if the data was spoofed? Having the backend transport via HTTPS should protect against that.

If you want to cross-check the information, Graph API calls with tenantId/ObjectId would be good - here is a starting point: https://msdn.microsoft.com/en-us/library/azure/hh974476.aspx.

 

Power Apps

Re: Access PowerApps user in ApiController

The connectionKey field is also there to authenticate the connection which forwarded the call to you if you're interested in that. But if you need to securely authenticate the user, you'll need to require login to your custom api when the user connects to it. This is also important if you'd like your custom api to be usable in Microsoft Flow, as the callerIdentity won't be a user, it will be the flow itself, however, you'll still get the user token (for oauth) or password (for basic auth) that was saved when creating the connection. For oauth, there are several identity providers supported, including a generic oauth2 handshake, but AAD has been the most seamless for me.
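
An added example (not code from any poster in this thread) of the approach in the reply above: the API requires its own login and accepts `$callerIdentity` from the decoded header only when it matches the authenticated principal. It assumes the API already validates an Azure AD bearer token so that the `ClaimsPrincipal` carries the object-id and tenant-id claims; `CallerIdentityCheck` and `HeaderMatchesPrincipal` are hypothetical names.

```csharp
using System;
using System.Security.Claims;
using System.Text;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

// Hypothetical helper (not from the thread). Assumes the API's own bearer-token
// validation has already produced an authenticated ClaimsPrincipal.
public static class CallerIdentityCheck
{
    // Azure AD object-id / tenant-id claims: short JWT names and the long
    // names that .NET's default inbound claim mapping turns them into.
    static readonly string[] OidClaims = { "oid", "http://schemas.microsoft.com/identity/claims/objectidentifier" };
    static readonly string[] TidClaims = { "tid", "http://schemas.microsoft.com/identity/claims/tenantid" };

    static string FirstClaim(ClaimsPrincipal principal, string[] types)
    {
        foreach (var type in types)
        {
            var claim = principal.FindFirst(type);
            if (claim != null) return claim.Value;
        }
        return null;
    }

    // True only when $callerIdentity in the header names the same user and
    // tenant as the principal established by the API's own login.
    public static bool HeaderMatchesPrincipal(string headerValue, ClaimsPrincipal principal)
    {
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated) return false;
        JObject caller;
        try
        {
            // The header is Base64-encoded JSON: decoding it proves nothing about its sender.
            var json = Encoding.UTF8.GetString(Convert.FromBase64String(headerValue ?? ""));
            caller = JObject.Parse(json)["$callerIdentity"] as JObject;
        }
        catch (FormatException) { return false; }   // not Base64
        catch (JsonException) { return false; }     // not JSON
        if (caller == null) return false;
        var headerOid = (caller["objectId"] as JValue)?.Value as string;
        var headerTid = (caller["tenantId"] as JValue)?.Value as string;
        var oid = FirstClaim(principal, OidClaims);
        var tid = FirstClaim(principal, TidClaims);
        return oid != null && tid != null
            && string.Equals(oid, headerOid, StringComparison.OrdinalIgnoreCase)
            && string.Equals(tid, headerTid, StringComparison.OrdinalIgnoreCase);
    }
}
```

For calls forwarded from Microsoft Flow, the reply above notes that callerIdentity is the flow itself, so a mismatch is expected there and the authenticated principal is the identity to rely on.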
