Michael Earls

Reputation: 1557

How to get current token from Azure ActiveDirectory application

I have an ASP.NET Application created using the Visual Studio 2013 project template. For security, I chose Azure Active Directory. I have all of the login working, but I'd like to start using the Graph API to manage users in my application. I have created an Application Key to use with Azure AD, but I'm not quite sure how to go about making graph calls.

I've studied the code at https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet, but using the graph API in that way requires a token.

Is there a way to get a token from my ASP.NET application after it has successfully logged into AD that I can use to call the graph API? Maybe by adding a method to Global.asax?

Is there another way to call the graph API from an ASP.NET application created with this project template?

Upvotes: 1

Views: 7567

Answers (1)

Dushyant Gill

Reputation: 4004

Indeed, you do need an OAuth token using which your web application can access the Graph API, on behalf of the logged in user. If you're using .Net, you are looking at the correct sample - OpenID Connect is the recommended protocol to sign-in the user and get an authorization code to access Graph API: https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet.

  1. The OpenIDConnect (SSO + Auth Code Grant flow) begins when the user clicks the Sign-in link. See the _LoginPartial view (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/Views/Shared/_LoginPartial.cshtml) and the SignIn Action in the AccountController.
  2. The main magic happens in Startup.Auth.cs (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/App_Start/Startup.Auth.cs): It configures a delegate on the event AccessCodeReceived to redeem the OAuth Access Code for a Refresh Token and Access Token for the resource (Graph API) and puts the tokens in the token cache.
  3. See the AuthUtils class (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/Utils/AuthUtils.cs): The GetAuthToken method first tries to retrieve an access token from the token cache. If the access token and refresh tokens have expired, it re-authenticates the user to populate the token cache with a fresh refresh token.
  4. See TokenCacheUtils class (https://github.com/AzureADSamples/WebApp-GraphAPI-DotNet/blob/master/WebAppGraphAPI/Utils/TokenCacheUtils.cs): It calls the AAD token endpoint to get an Access token for the resource (Graph API in your case), using the Refresh token using the code

Hope this helps

Upvotes: 4
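
The cache-then-refresh-then-re-authenticate decision described in steps 3 and 4 of the answer, as an added example that is not code from the linked sample or from either poster. `TokenSet`, `UserTokenCache` and the `redeem` delegate are hypothetical names; the delegate stands in for the refresh-token call to the AAD token endpoint, and the demo uses a constructed stand-in so it runs offline.

```csharp
using System;
using System.Collections.Generic;
// Added example: type and member names are assumptions, not the sample's own types.
public sealed class TokenSet
{
    public string AccessToken;
    public string RefreshToken;
    public DateTimeOffset ExpiresOn;
}

public sealed class UserTokenCache
{
    // Keyed by the signed-in user's id so one user's tokens are never served to another.
    private readonly Dictionary<string, TokenSet> _byUser = new Dictionary<string, TokenSet>();
    private readonly Func<string, TokenSet> _redeemRefreshToken; // wraps the token endpoint call
    private static readonly TimeSpan Skew = TimeSpan.FromMinutes(5);
    public UserTokenCache(Func<string, TokenSet> redeem) { _redeemRefreshToken = redeem; }

    // Called once the authorization code has been redeemed at sign-in.
    public void Store(string userId, TokenSet tokens) { lock (_byUser) _byUser[userId] = tokens; }

    // Returns an access token, or null when the caller must re-authenticate the user.
    public string GetAccessToken(string userId, DateTimeOffset now)
    {
        TokenSet t;
        lock (_byUser) { if (!_byUser.TryGetValue(userId, out t)) return null; }
        if (now + Skew < t.ExpiresOn) return t.AccessToken; // cached token still valid
        TokenSet fresh = t.RefreshToken == null ? null : _redeemRefreshToken(t.RefreshToken);
        if (fresh == null) { lock (_byUser) _byUser.Remove(userId); return null; }
        Store(userId, fresh); // keep the rotated refresh token, drop the old one
        return fresh.AccessToken;
    }
}

public static class Demo
{
    public static void Main()
    {
        var start = DateTimeOffset.UtcNow;
        // Constructed stand-in for the refresh_token grant; accepts one known token only.
        var cache = new UserTokenCache(rt => rt == "rt-1"
            ? new TokenSet { AccessToken = "at-2", RefreshToken = "rt-2", ExpiresOn = start.AddHours(2) }
            : null);
        cache.Store("user-a", new TokenSet { AccessToken = "at-1", RefreshToken = "rt-1", ExpiresOn = start.AddHours(1) });
        Console.WriteLine(cache.GetAccessToken("user-a", start));                // served from cache
        Console.WriteLine(cache.GetAccessToken("user-a", start.AddMinutes(58))); // inside skew: refreshed
        Console.WriteLine(cache.GetAccessToken("user-b", start) ?? "re-authenticate");
    }
}
```

Keeping the cache server-side and keyed per user means the refresh token never reaches the browser, and a failed refresh evicts the entry so a stale token is not retried.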
