multitenant-saas-guidance icon indicating copy to clipboard operation
multitenant-saas-guidance copied to clipboard

Published 20 hours ago verified publisher icon mspnp

UPN is not always an email address

Open ckittel opened this issue 2 years ago • 0 comments

Opening on behalf of @hpsin who opened this issue @ MicrosoftDocs/architecture-center-pr#4242.

Please update this code snippet:

var email = principal.FindFirst(ClaimTypes.Upn)?.Value;

or similar usage (like the following)

var email = principal.FindFirst(ClaimTypes.Upn)?.Value;
if (!string.IsNullOrWhiteSpace(email))
{
    identity.AddClaim(new Claim(ClaimTypes.Email, email));
}

The UPN is not guaranteed to be an email address. Often, it is not - e.g. many folks have domain names as UPNs, but not emails.

ckittel avatar Nov 03 '21 13:11 ckittel