User.Anonymous

Reputation: 1726

Sharepoint REST api and MVC AAD connect

My need is to execute this query https://<tenant>.sharepoint.com/_api/search/query?querytext=%27contenttype:articles%27 through the SharePoint REST API from the server side in C#.

I have an OAuth2 connection from the MVC portal, so my goal is to retrieve the token from that connection and send it as a bearer token to the SharePoint endpoint.

I mean something like that:

  using System.Net.Http;
  using System.Net.Http.Headers;
  using System.Security.Claims;
  using System.Threading.Tasks;
  using Microsoft.IdentityModel.Clients.ActiveDirectory;

  // Startup.Authority, clientId, appKey and NaiveSessionCache come from the AAD MVC sample
  async Task<HttpResponseMessage> QuerySharePointAsync()
  {
      string userObjectID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
      AuthenticationContext authContext = new AuthenticationContext(Startup.Authority, new NaiveSessionCache(userObjectID));
      ClientCredential credential = new ClientCredential(clientId, appKey);
      AuthenticationResult result = await authContext.AcquireTokenSilentAsync("https://<tenant>.sharepoint.com/", credential, new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));

      HttpClient client = new HttpClient();
      HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "https://<tenant>.sharepoint.com/_api/search/query?querytext=%27contenttype:articles%27");
      request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
      return await client.SendAsync(request);
  }

but obviously, I cannot retrieve the token...

On the other side, I have built an app with AAD v2 and GraphServiceClient that is working well, but I don't know how to translate the query into the Graph model (and I don't have any admin consent).

So, I have 2 ways to resolve my issue; I would prefer to use the 2nd option with the Microsoft Graph API, but any help is welcome.

Thank you.

Upvotes: 0

Views: 680

Answers (1)

baywet

Reputation: 5382

Around Search
The Graph search API has limited capabilities: first, it will only search in the current site collection (drive) you're targeting; second, I'm not sure at the moment it would support a search by content type (maybe with a $filter...).
But it could be an (easier) option if that fits your constraints.

Around auth & auth
In both cases (Graph or SharePoint search), what happens when people get to your application (ASP.NET MVC) is that the authentication middleware takes care of redirecting the user to AAD, gets an access token to your app, and redirects the user back to your app, which uses that access token to create a session on the app.
My point being: at this point, all you have are:

  • An access token to your app (not the Graph, not SharePoint)
  • A session against your app

You need to do a couple of things to get to SharePoint/the graph:

  • Intercept and keep the token server side (add it to the session?) if that's not already being done by your implementation of the middlewares
  • Use that access token + your app id/secret/certificate to get an access token to SharePoint/the Graph against AAD
  • Make sure your application has permissions in AAD to talk to SharePoint/the proper Graph APIs

Here is a sample on how to get from "I have the access token to my app/API" to "I have an access token to the Graph/SharePoint" using MSAL.
Note: I'm using a certificate here, but you could be using a secret instead.

  // app credential: the certificate registered on the AAD app (a client secret works too)
  var cac = new ClientAssertionCertificate(ApplicationId, CertificateProvider.AppCertificate);
  // user assertion: the access token the user presented to your app/API
  var ua = new UserAssertion(apiAccessToken);
  // exchange both for a token scoped to the target resource (SharePoint or the Graph)
  authenticationResult = await authContext.AcquireTokenAsync(resource, cac, ua);

I'm not providing the code on how to intercept the token/get it here because your question is unclear on your current authentication and authorization configuration as well as which MVC "flavor" you are using (ASP.NET Core + middlewares, classic + OWIN, something else?). I suggest you start another question with more details on that specific point.

Upvotes: 1
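The exchange the answer describes (app receives its own token, trades it plus the app credential for a SharePoint-scoped token, then calls the search endpoint), as an added example that is not part of the question or the answer and not code from either project. It uses MSAL.NET's on-behalf-of flow with a client secret rather than the certificate shown above; the tenant id, client id, secret, SharePoint host and the incoming token are placeholders assumed to come from configuration and from the app's own authentication middleware. The app registration still needs a consented delegated SharePoint permission (the answer's third bullet) or the exchange is refused.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class SharePointSearchClient
{
    // Placeholders (assumed to be loaded from configuration, never hard-coded in real code)
    const string TenantId = "<tenant-id>";
    const string ClientId = "<app-client-id>";
    const string ClientSecret = "<app-client-secret>";
    const string SharePointHost = "https://<tenant>.sharepoint.com";

    // Confidential client: the app's identity, equivalent to the ClientAssertionCertificate above
    static readonly IConfidentialClientApplication App =
        ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithClientSecret(ClientSecret)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .Build();

    static readonly HttpClient Http = new HttpClient();

    // Second bullet of the answer: exchange "the access token to my app" for
    // "an access token to SharePoint". The incoming token is the user assertion,
    // so the resulting token carries that user's permissions, not the app's.
    public static async Task<string> GetSharePointTokenAsync(string incomingApiAccessToken)
    {
        // ".default" requests every delegated SharePoint permission consented on the app
        var scopes = new[] { SharePointHost + "/.default" };
        AuthenticationResult result = await App
            .AcquireTokenOnBehalfOf(scopes, new UserAssertion(incomingApiAccessToken))
            .ExecuteAsync();
        return result.AccessToken;
    }

    // The original search query, built from the exchanged token. The keyword query
    // is URL-encoded so a caller-supplied content type cannot break the query string.
    public static async Task<string> SearchByContentTypeAsync(string incomingApiAccessToken, string contentType)
    {
        string spToken = await GetSharePointTokenAsync(incomingApiAccessToken);
        string url = SharePointHost + "/_api/search/query?querytext="
                     + Uri.EscapeDataString($"'contenttype:{contentType}'");

        using var request = new HttpRequestMessage(HttpMethod.Get, url);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", spToken);
        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        using HttpResponseMessage response = await Http.SendAsync(request);
        // 401/403 here usually means the permission from the third bullet is missing
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```

Calling `SearchByContentTypeAsync(tokenFromSession, "articles")` from a controller reproduces the query in the question. Keep the incoming token server side only (in the session, as the answer suggests) and never write either token to logs; the exchanged token is bound to the signed-in user, which is what keeps results limited to content that user may already read.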
