Access token issue while accessing the graph API

Question

I am using the code below to fetch user from the azure AD using the graph API, but somehow I am getting the token access issue while doing so.

static async void MakeRequest()
        {
            var client = new HttpClient();

            var queryString = HttpUtility.ParseQueryString(string.Empty);

            /* OAuth2 is required to access this API. For more information visit:
               https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks */



            // Specify values for the following required parameters
            queryString["api-version"] = "1.6";
            // Specify values for path parameters (shown as {...})
            // var uri = "https://graph.windows.net/microsoft.onmicrosoft.com/users/{v-sidmis@microsoft.com}?" + queryString;

            var uri = "https://graph.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/users?api-version=1.6";

            var response = await client.GetAsync(uri);

            if (response.Content != null)
            {
                var responseString = await response.Content.ReadAsStringAsync();
                Console.WriteLine(responseString);
            }


        }

This code is taken up from TechNet.

Answer 1

It depends on how you want to acquire the token. There are lots of scenario to integrate the application with Azure AD. You can refer it from here.

For example, if you want to use the Azure AD Graph in a daemon or service application, we can use the Client Credential flow.

1 . First we need to register an web application on the portal( detail steps refer here) and grant the permission to read the directory data like figure below:

2 . And then we can get the clientId, secret, tenantId from the portal and use the code below to acquire token(need to install the Active Directory Authentication Library)

string authority = "https://login.microsoftonline.com/{tenantId}";
string clientId = "";
string secret = "";
string resrouce = "https://graph.windows.net";

var credential = new ClientCredential(clientId, secret);
AuthenticationContext authContext = new AuthenticationContext(authority);

var token = authContext.AcquireTokenAsync(resrouce, credential).Result.AccessToken;

Console.WriteLine(token);  

3 . Then we can use this token to call the Azure AD Graph REST directly or we can use the graph client library for Azure AD to retrieve the users. Here is the code samples for your reference:

//use the Azure AD client library
string accessToken = "";
string tenantId = ""; 
string graphResourceId = "https://graph.windows.net";

Uri servicePointUri = new Uri(graphResourceId);
Uri serviceRoot = new Uri(servicePointUri, tenantId);

ActiveDirectoryClient client = new ActiveDirectoryClient(serviceRoot, async () => await Task.FromResult(accessToken));

foreach(var user in client.Users.ExecuteAsync().Result.CurrentPage)
            Console.WriteLine(user.DisplayName);

//using the HTTP request 
var client = new HttpClient();
var tenantId = "";
var uri = $"https://graph.windows.net/{tenantId}/users?api-version=1.6";
var token = "";
client.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("bearer", token);
var response = client.GetAsync(uri).Result;
var result = response.Content.ReadAsStringAsync().Result;
Console.WriteLine(result);

Update

The secrecy is available for the web application/web API when you create an application. Then you can generate the key by keys section like figure below. After you save the app, you can copy the secrect now.