Rhendar

Reputation: 450

Use Azure Active Directory Authentication without redirecting to Microsoft

Is it possible to simply pass a username and password along to Azure Active Directory and get back a bearer token instead of sending the user to the login.microsoft.com website?

The redirect breaks my Visual Studio debug and makes it impossible to see what's going on.

Upvotes: 0

Views: 1290

Answers (1)

Alex

Reputation: 18536

Not quite sure what your exact setup is. However, it is possible to directly acquire a Bearer Token using the Password Grant.

I would only recommend this for testing purposes. Using this grant in a production scenario should only be considered for legacy purposes.

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Username-Password-Authentication

// Requires: using System.Security; using Microsoft.Identity.Client;
string clientId = "<yourClientId>";   // placeholder: your app registration's client ID
string authority = "https://login.microsoftonline.com/contoso.com";
string[] scopes = new string[] { "user.read" };
PublicClientApplication app = new PublicClientApplication(clientId, authority);
AuthenticationResult result = null;

try
{
    var securePassword = new SecureString();
    foreach (char c in "dummy")        // you should fetch the password
        securePassword.AppendChar(c);  // keystroke by keystroke

    result = await app.AcquireTokenByUsernamePasswordAsync(scopes, "[email protected]",
                                                           securePassword);
}
catch (MsalException)
{
    // See details below
}

// result stays null when token acquisition threw
if (result != null)
    Console.WriteLine(result.Account.Username);

You can also use Postman or similar tools:

curl -X POST \
   https://login.windows.net/<tenant>/oauth2/token \
   -H 'Accept: application/json' \
   -H 'Content-Type: application/x-www-form-urlencoded' \
   -d 'grant_type=password&scope=openid&resource=<resourceUri>&client_id=<yourClientId>&client_secret=<clientSecret>&username=<username>&password=<password>'

Upvotes: 3
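
For a debug build, the password can be read from the console keystroke by keystroke instead of being hardcoded, as the comment in the answer's snippet suggests. The following is an added example, not code from the answer or from the MSAL project; it uses the same MSAL calls as the answer, and the class name `RopcDebugLogin`, the `ReadPassword` helper and the `<yourClientId>` / `<tenant>` placeholders are assumptions.

```csharp
using System;
using System.Security;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

static class RopcDebugLogin   // hypothetical name
{
    // Read the password one key at a time without echoing it to the console.
    static SecureString ReadPassword()
    {
        var pwd = new SecureString();
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
        {
            if (k.Key == ConsoleKey.Backspace) { if (pwd.Length > 0) pwd.RemoveAt(pwd.Length - 1); }
            else if (!char.IsControl(k.KeyChar)) pwd.AppendChar(k.KeyChar);
        }
        Console.WriteLine();
        pwd.MakeReadOnly();   // no further edits once entry is complete
        return pwd;
    }

    static async Task Main()
    {
        // Placeholders, in the same style as the curl command in the answer.
        var app = new PublicClientApplication("<yourClientId>",
            "https://login.microsoftonline.com/<tenant>");
        Console.Write("Username: ");
        string username = Console.ReadLine();
        Console.Write("Password: ");
        using (SecureString password = ReadPassword())   // buffer is cleared on dispose
        {
            try
            {
                AuthenticationResult result = await app.AcquireTokenByUsernamePasswordAsync(
                    new[] { "user.read" }, username, password);
                Console.WriteLine("Token acquired for " + result.Account.Username);
            }
            catch (MsalUiRequiredException ex)
            {
                // Interaction (MFA, consent) is needed; this grant cannot perform it.
                Console.WriteLine("Interactive sign-in required: " + ex.ErrorCode);
            }
            catch (MsalServiceException ex)
            {
                Console.WriteLine("Request rejected by the service: " + ex.ErrorCode);
            }
        }
    }
}
```

The token itself is never written to the console, so debug output and logs do not end up holding a usable credential.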
