Reputation: 284
I have to fetch the group members from Azure Active Directory using the Microsoft Graph API. For that I need an authorization token. I have a method in .NET that is authenticating to an API as a user, and I am using the UserPasswordCredential method to fetch the access token (by passing username and password).
```csharp
using System;
using System.Configuration;
using System.Globalization;
using System.Windows;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Members of the MainWindow class; all settings are read from app.config.
private static string aadInstance = ConfigurationManager.AppSettings["ida:AADInstance"];
private static string tenant = ConfigurationManager.AppSettings["ida:Tenant"];
private static string clientId = ConfigurationManager.AppSettings["ida:ClientId"];
private static string graphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];
private static string graphApiVersion = ConfigurationManager.AppSettings["ida:GraphApiVersion"];
private static string graphApiEndpoint = ConfigurationManager.AppSettings["ida:GraphEndpoint"];
private static string appKey = ConfigurationManager.AppSettings["ida:appKey"];
private static string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
Uri redirectUri = new Uri(ConfigurationManager.AppSettings["ida:RedirectUri"]);

private AuthenticationContext authContext = null;
private ClientCredential clientCredential = null;

public MainWindow()
{
    InitializeComponent();
    authContext = new AuthenticationContext(authority);
    clientCredential = new ClientCredential(clientId, appKey);
    CheckForCachedToken();
}

public async void GetToken()
{
    AuthenticationResult result = null;
    try
    {
        // Username/password flow: the application itself handles the user's password.
        UserCredential uc = new UserCredential("username", "password");
        result = await authContext.AcquireTokenAsync(graphResourceId, clientId, uc);
    }
    catch (AdalException ex)
    {
        if (ex.ErrorCode != "user_interaction_required")
        {
            MessageBox.Show(ex.Message);
        }
        return;
    }
}
```
But when I upgraded the solution to .NET Core, this broke, i.e. the UserPasswordCredential class is not supported in .NET Core. Is there any workaround for this?
Upvotes: 2
Views: 4522
Reputation: 4163
In .NET Core this is not supported by design. Hardcoding the username and the password is not a recommended way to authenticate to Azure AD. In most cases the login will happen via login.live.com, or, if you use other identity providers like Google, Facebook, etc., it would be their login page.
It looks like you are using a Windows application; you can check the options for it.
Samples for various authentication options are available for reference.
Token-based authentication flow is a good way to do this. The whole point of going away from the username/password option is that if your application handles the username or password in some way, it is not safe. That is why it is left to the identity provider to do that. In case you don't want to do it this way, you can check the app-only option: Is a browser required for Onedrive/Graph Authentication
You can also see if the usage of Microsoft Authenticator app is an option. But this is mainly for adding the second factor authentication to your mobile apps.
Upvotes: 2
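The app-only option mentioned in the answer above, sketched as an added example (not code from the question or the answer): the application authenticates as itself with the client-credentials grant, so no user password passes through the code. The authority URL, the Graph resource URI, the `AAD_CLIENT_SECRET` variable name and the angle-bracket placeholders are assumptions, and the app registration is assumed to hold an admin-consented application permission that allows reading group membership (for example GroupMember.Read.All).

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class GroupMemberReader
{
    // Placeholders (assumptions): replace with your tenant, app registration and group.
    private const string Authority = "https://login.microsoftonline.com/<tenant-id>";
    private const string GraphResource = "https://graph.microsoft.com";
    private const string ClientId = "<client-id>";
    private const string GroupId = "<group-object-id>";

    private static readonly HttpClient Http = new HttpClient();

    public static async Task<string> GetGroupMembersJsonAsync()
    {
        // The client secret comes from the environment (assumed variable name),
        // not from source code or a config file kept in the repository.
        string secret = Environment.GetEnvironmentVariable("AAD_CLIENT_SECRET")
            ?? throw new InvalidOperationException("AAD_CLIENT_SECRET is not set.");

        var authContext = new AuthenticationContext(Authority);
        var credential = new ClientCredential(ClientId, secret);

        // Client-credentials grant: the token represents the application, not a user.
        AuthenticationResult token =
            await authContext.AcquireTokenAsync(GraphResource, credential);

        var request = new HttpRequestMessage(HttpMethod.Get,
            $"{GraphResource}/v1.0/groups/{Uri.EscapeDataString(GroupId)}/members");
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", token.AccessToken);

        using (HttpResponseMessage response = await Http.SendAsync(request))
        {
            // A 403 here usually means the application permission or admin consent is missing.
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }

    public static async Task Main()
    {
        Console.WriteLine(await GetGroupMembersJsonAsync());
    }
}
```

Large groups are returned in pages; follow the `@odata.nextLink` value in the response until it is absent.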