Helper I

Access PowerApps user in ApiController

How can I access the current User (Mail-Address) which uses a PowerApp in a custom Web Api (Restful/Swagger)? Is this possible? I could not find anything within the http header.

Thanks a lot!

5 REPLIES
Microsoft

Re: Access PowerApps user in ApiController

As part of x-ms-apim-token there is information about the currently logged in user that can be used for such information:

{
  "$callerIdentity": {
    "objectId": "",
    "tenantId": "",
    "email": ""
  },
  "$connectionCreator": {   // optional
    "objectId": "",
    "tenantId": "",
    "upn": ""
  }
}
Helper I

Re: Access PowerApps user in ApiController

Ok, that is working. But how can I validate the origin of the data?

For someone who is interested in this:


    public class GetXMSApiMToken
    {
        [Newtonsoft.Json.JsonProperty(PropertyName ="sku")]
        public string SKU
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "$ConnectionKey")]
        public string ConnectionKey
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "$callerIdentity")]
        public CallerIdentity CallerIdentity
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "$connectionCreator")]
        public ConnectionCreator ConnectionCreator
        {
            get;
            set;
        }
    }

    public class CallerIdentity
    {
        [Newtonsoft.Json.JsonProperty(PropertyName = "objectid")]
        public string ObjectId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "tenantid")]
        public string TenantId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "email")]
        public string EMail
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "prinicipaltype")]
        public string PrinicipalType
        {
            get;
            set;
        }
    }

    public class ConnectionCreator
    {
        [Newtonsoft.Json.JsonProperty(PropertyName = "objectid")]
        public string ObjectId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "tenantid")]
        public string TenantId
        {
            get;
            set;
        }

        [Newtonsoft.Json.JsonProperty(PropertyName = "userPrincipalName")]
        public string UserPrincipalName
        {
            get;
            set;
        }
    }

And:

        // Needs: using System; using System.Collections.Generic; using System.Linq;
        //        using System.Text; using Newtonsoft.Json;

        /// <summary>
        /// Get Microsoft authentication token / API token
        /// </summary>
        /// <returns>Token if in header, else null</returns>
        public GetXMSApiMToken GetXMSApiMToken()
        {
            if (Request != null && Request.Headers != null)
            {
                IEnumerable<string> _values = null;
                if (Request.Headers.TryGetValues("X-MS-APIM-Tokens", out _values))
                {
                    var values = _values.ToList();
                    if (values.Count() > 0)
                    {
                        // The header value is Base64-encoded JSON. This only decodes it;
                        // nothing in this method verifies who set the header.
                        var json = Encoding.UTF8.GetString(Convert.FromBase64String(values[0]));

                        return JsonConvert.DeserializeObject<GetXMSApiMToken>(json);
                    }
                }
            }

            return null;
        }
Helper I

Re: Access PowerApps user in ApiController

Is there a possibility to prove the origin of the data for such an object:


{
  "$callerIdentity": {
    "objectId": "",
    "tenantId": "",
    "email": ""
  },
  "$connectionCreator": {   // optional
    "objectId": "",
    "tenantId": "",
    "upn": ""
  }
}

E.g. validate the objectId, ...

Microsoft

Re: Access PowerApps user in ApiController

Do you mean to check if the data was spoofed? Having the backend transport via HTTPS should protect against that.

If you want to cross-check the information, Graph API calls with tenantId/ObjectId would be good - here is a starting point: https://msdn.microsoft.com/en-us/library/azure/hh974476.aspx.


Power Apps

Re: Access PowerApps user in ApiController

The connectionKey field is also there to authenticate the connection which forwarded the call to you if you're interested in that. But if you need to securely authenticate the user, you'll need to require login to your custom api when the user connects to it. This is also important if you'd like your custom api to be usable in Microsoft Flow, as the callerIdentity won't be a user, it will be the flow itself, however, you'll still get the user token (for oauth) or password (for basic auth) that was saved when creating the connection. For oauth, there are several identity providers supported, including a generic oauth2 handshake, but AAD has been the most seamless for me.
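An added example, not code from any poster in this thread: once the custom API requires an OAuth login as described in the reply above, the decoded `X-MS-APIM-Tokens` header can be treated as an unverified hint and compared with the claims of the token the API itself validated. It assumes bearer-token validation is already configured so the request's user is a `ClaimsPrincipal` carrying AAD object-id and tenant-id claims, and that the token and `$callerIdentity` are expected to describe the same user; `CallerCheck` and `HeaderMatchesToken` are hypothetical names and all sample values are constructed.

```csharp
using System;
using System.Security.Claims;
using System.Text;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static class CallerCheck   // hypothetical helper, not part of any SDK
{
    // Claim types the .NET JWT handlers map AAD's "oid" and "tid" to by default.
    const string Oid = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    const string Tid = "http://schemas.microsoft.com/identity/claims/tenantid";

    static string Field(JObject o, string name) =>
        (o.GetValue(name, StringComparison.OrdinalIgnoreCase) as JValue)?.Value as string;

    // True only when the request carries a validated token AND the unsigned
    // header names the same object and tenant as that token.
    public static bool HeaderMatchesToken(ClaimsPrincipal user, string header)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated) return false;
        string oid = user.FindFirst(Oid)?.Value, tid = user.FindFirst(Tid)?.Value;
        if (oid == null || tid == null || string.IsNullOrEmpty(header)) return false;
        JObject caller;
        try
        {
            var json = Encoding.UTF8.GetString(Convert.FromBase64String(header));
            caller = JObject.Parse(json)
                .GetValue("$callerIdentity", StringComparison.OrdinalIgnoreCase) as JObject;
        }
        catch (Exception e) when (e is FormatException || e is JsonException)
        {
            return false;   // malformed header: reject instead of throwing
        }
        return caller != null
            && string.Equals(oid, Field(caller, "objectId"), StringComparison.OrdinalIgnoreCase)
            && string.Equals(tid, Field(caller, "tenantId"), StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed sample values, not real identifiers.
        var id = new ClaimsIdentity(new[] { new Claim(Oid, "11111111-aaaa"), new Claim(Tid, "22222222-bbbb") }, "Bearer");
        Func<string, string> b64 = s => Convert.ToBase64String(Encoding.UTF8.GetBytes(s));
        var match = b64("{\"$callerIdentity\":{\"objectId\":\"11111111-AAAA\",\"tenantId\":\"22222222-bbbb\"}}");
        var mismatch = b64("{\"$callerIdentity\":{\"objectId\":\"99999999-cccc\",\"tenantId\":\"22222222-bbbb\"}}");
        Console.WriteLine(HeaderMatchesToken(new ClaimsPrincipal(id), match));
        Console.WriteLine(HeaderMatchesToken(new ClaimsPrincipal(id), mismatch));
        Console.WriteLine(HeaderMatchesToken(new ClaimsPrincipal(new ClaimsIdentity()), match));
    }
}
```

When the call comes from Microsoft Flow the reply above says `$callerIdentity` is the flow rather than a user, so a mismatch there is expected and authorization should rest on the token claims alone.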
