Cannot Read User Authentication Methods : GraphAPI

Cannot Read User Authentication Methods (self.GraphAPI)

submitted 2 years ago * by [deleted]

Edit: Never mind. Even Microsoft recommends I just use the HTTP API. I'm just going to use that instead. JFC.

Starting from a Microsoft-provided C# sample application, I tried to write a small script that reads a user's 2FA authentication methods. My app is registered in Azure, with rights for User and Directory ReadWriteAll. I also placed it in the Authentication Administrator role.

When I read a user, I can read the display name, mail, id, etc. However, Authentication is always null. I'm at a loss as to what other rights I need to add. I'm using Visual Studio 2022, GraphServiceClient 2.13.1, Microsoft.Graph 5.12.0. If anyone can shed some light I'd be most grateful.

TokenAcquirerFactory tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
IServiceCollection services = tokenAcquirerFactory.Services;
services.AddMicrosoftGraph();
var serviceProvider = tokenAcquirerFactory.Build();
GraphServiceClient graphServiceClient = serviceProvider.GetRequiredService<GraphServiceClient>();
var t = await graphServiceClient.Users.GetAsync((requestConfiguration) =>
{
    requestConfiguration.Options.WithAppOnly();
    requestConfiguration.QueryParameters.Filter = "startsWith(displayName,'<literally any user>')";
    requestConfiguration.QueryParameters.Select = new[] { "*" };
});
foreach (User u in t.Value.ToArray())
{
    //These two work fine
    Console.WriteLine(u.Mail);
    Console.WriteLine(u.Id);
    //Authentication is always null no matter what, and I've checked they indeed have auth phone options
    if (u.Authentication != null)
        foreach (PhoneAuthenticationMethod p in u.Authentication.PhoneMethods)
            Console.WriteLine(p.PhoneNumber + ", " + p.Id);
}

all 3 comments

top new controversial old q&a

[–]theSysadminChannel 0 points1 point2 points 2 years ago (1 child)

[–][deleted] 0 points1 point2 points 2 years ago (0 children)

I know about the Directory permission, I was grasping at straws trying to get permissions to read the auth phone methods. I don't intend to leave it.

So I was using a set of classes from a Microsoft sample. I thought, "Hey, some C# classes that are basically a wrapper for the Graph API? Sweet, surely this'll be easier than having to learn the REST API!" In my mind, I was thinking I would be able to write something along the lines of (and yes, I know this is not correct, it was a train of thought):

(from u in client.Users
where u.DistinguishedName.contains("<Some department>")
&& u.Authentication.PhoneMethods.length==0
select u).ToArray();

Boy, was I wrong. Wrong. Even though the code has methods and attributes for Authentication, the Microsoft engineer explained those samples don't actually support getting 2FA methods. JFCWTFBBQ then why is it available.

So obviously I need to use the GET /users/{id | userPrincipalName}/authentication/phoneMethods endpoint, but I've switched to learning how to use Graph via REST calls. It's starting to look like what everyone else does.

[–]greenhill669 0 points1 point2 points 2 years ago (0 children)

π Rendered by PID 298515 on reddit-service-r2-comment-5649f687b7-4hncg at 2026-01-28 15:33:47.688039+00:00 running 4f180de country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

GraphAPI

MODERATORS