Get logged in user with Azure Web Apps Auth

If you are using the Passport-azuread library with your nodejs, you can do something like the following code snippet:

<% if (user) { %>
    <p>displayName: <%= user.displayName %></p>
    <p>givenName: <%= user.name.givenName %></p>
    <p>familyName: <%= user.name.familyName %></p>
    <p>Full User Data</p>
    <%- JSON.stringify(user) %>
<% } %>

You can find a full Azure AD example for Node here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-openidconnect-nodejs/#5-create-the-views-and-routes-in-express-to-display-our-user-in-the-website


rehash of Chris Gillum answer, w/ minor additions


Reference: https://docs.microsoft.com/en-us/azure/app-service/app-service-authentication-how-to#access-user-claims

Client Side/SPA:

Via Endpoint: /.auth/me

axios.get("/.auth/me")
.then(r => {console.log(r.data)})

Note: This endpoint is only available if token-store is enabled (otherwise will return 404).

Note: Login session cookie (currently named AppServiceAuthSession) must be included in the AJAX call (which happens by default)


Server side:

A. Via HTTP Request Headers:

  • X-MS-CLIENT-PRINCIPAL-NAME #Email of user
  • X-MS-CLIENT-PRINCIPAL-ID
  • Potentially others (prefixed with X-MS-CLIENT-*)

B. Via /.auth/me endpoint (see above)


There are several ways to do this. If you're using Azure AD and node.js, the easiest way is to look at the X-MS-CLIENT-PRINCIPAL-NAME HTTP request header. That will contain the email of the user.

If you want to get user information from some JavaScript code on the client, you can alternatively make an AJAX request to the site's /.auth/me endpoint. As long as the login session cookie (currently named AppServiceAuthSession) is included in the AJAX call (which happens by default), you'll get a JSON blob that contains not only the email, but also all other claims associated with the user. This technique works on the server-side as well.


Thanks to @Chris' answer, I was able to write a function that returns the logged in user's email.

    public static String getEmail(HttpContext context)
    {
        String identifier = "X-MS-CLIENT-PRINCIPAL-NAME";
        IEnumerable<string> headerValues = context.Request.Headers.GetValues(identifier);
        if (headerValues == null)
        {
            System.Diagnostics.Debug("No email found!");
            return "";
        }
        else { 
            System.Diagnostics.Debug(headerValues.FirstOrDefault());
            return headerValues.FirstOrDefault();
        }
    }